🔑 Connecting to a Remote Server via SSH & Key Authentication

Introduction

This guide walks you through:

Installing and configuring OpenSSH on the remote server
Testing a basic SSH connection using a password
Generating an SSH key pair on your local machine
Installing your public key on the remote host
Configuring your SSH client for seamless key-based logins
(Optional) Loading your key into an SSH agent
Testing and troubleshooting

1. Install & Enable OpenSSH on the Remote Server

On the remote Ubuntu host, install and start the SSH server:

sudo apt-get update
sudo apt-get install -y openssh-server
sudo systemctl enable ssh
sudo systemctl start ssh

Verify SSH is running:

sudo systemctl status ssh
# or simply:
ss -tln | grep :22

If you’re using a firewall, allow SSH:

sudo ufw allow ssh
sudo ufw enable

From your local machine (Linux/macOS/WSL), try:

ssh username@remote-server-ip

Enter your account password when prompted.
If you can log in, SSH is correctly set up.
Exit with exit or Ctrl+D.

3. Generate an SSH Key Pair (Local Machine)

On your local workstation, create an ED25519 key:

ssh-keygen -t ed25519 -f ~/.ssh/my_key -C "your_email@example.com"

-f ~/.ssh/my_key → writes private key to ~/.ssh/my_key and public key to ~/.ssh/my_key.pub
When prompted, enter a passphrase (strongly recommended) or leave blank.

4. Install Your Public Key on the Remote Host

a. Using `ssh-copy-id`

ssh-copy-id -i ~/.ssh/my_key.pub username@remote-server-ip

b. Manual method

cat ~/.ssh/my_key.pub | ssh username@remote-server-ip \
  'mkdir -p ~/.ssh && chmod 700 ~/.ssh && \
   cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys'

Tip: On the server, verify permissions:

ls -ld ~/.ssh         # should be drwx------ (700)
ls -l ~/.ssh/authorized_keys  # should be -rw------- (600)

5. Configure Your Local SSH Client

Edit (or create) ~/.ssh/config and add:

Host myserver
    HostName remote-server-ip      # IP or domain
    User username
    IdentityFile ~/.ssh/my_key
    IdentitiesOnly yes             # only offer this key
    AddKeysToAgent yes             # auto-load into ssh-agent
    # UseKeychain yes              # macOS only: store passphrase

Now you can connect with:

ssh myserver

6. Load Your Key into the SSH Agent (Optional)

To avoid retyping your passphrase every time:

# Start agent if needed
eval "$(ssh-agent -s)"

# Add your key (enter passphrase now)
ssh-add ~/.ssh/my_key

On macOS, you can also integrate with Keychain:

ssh-add --apple-use-keychain ~/.ssh/my_key

7. Test & Troubleshoot

Connect key-only
```
ssh myserver
```
You should reach the shell without a password prompt (aside from your key’s passphrase, if not cached).
If you still get a password prompt
- Ensure the server’s /etc/ssh/sshd_config has:
```
PubkeyAuthentication yes
PasswordAuthentication no
```
- Restart SSH on the server:
```
sudo systemctl restart ssh
```
- Verify your local ssh -v myserver debug output.
Permission errors
- On remote: ~/.ssh must be 700, authorized_keys must be 600.
- On local: private key ~/.ssh/my_key must be 600.

You’re all set! You’ve installed SSH, confirmed password-based access, then secured and streamlined your logins with key-based authentication. Happy, password-less connecting!

Introduction​

1. Install & Enable OpenSSH on the Remote Server​

2. Test Password-Based SSH Login​

3. Generate an SSH Key Pair (Local Machine)​

4. Install Your Public Key on the Remote Host​

a. Using ssh-copy-id​

b. Manual method​

5. Configure Your Local SSH Client​

6. Load Your Key into the SSH Agent (Optional)​

7. Test & Troubleshoot​