SSH key authentication is far more secure than password-based login. A cryptographic key pair — private key on your machine, public key on the server — lets you connect without a password and protects against brute-force attacks. This guide covers generating a key pair and deploying it on Ubuntu 26.04 LTS.
Tested and valid on:
- Ubuntu 26.04 LTS
Prerequisites
- Ubuntu 26.04 LTS server with SSH running
- A user account on the server
- An SSH client on your local machine (Linux/macOS/Windows)
Step 1 – Generate an SSH Key Pair (on your local machine)
Ed25519 keys are recommended for their speed and security:
ssh-keygen -t ed25519 -C "[email protected]"Accept the default path (~/.ssh/id_ed25519) and set an optional passphrase.
Step 2 – Copy the Public Key to the Server
The ssh-copy-id command handles this automatically:
ssh-copy-id username@your_server_ipOr manually append it:
cat ~/.ssh/id_ed25519.pub | ssh username@your_server_ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"Step 3 – Set Correct Permissions on the Server
SSH requires strict permissions on the .ssh directory:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keysStep 4 – Test Key Authentication
Log in with your key:
ssh username@your_server_ipIf a passphrase is set, you will be prompted for it rather than the account password.
Step 5 – Disable Password Authentication
Once key login works, open the SSH config:
sudo nano /etc/ssh/sshd_configSet or confirm:
PasswordAuthentication no
PubkeyAuthentication yesReload SSH:
sudo systemctl reload sshStep 6 – Add the Key to ssh-agent (optional)
To avoid entering the passphrase every session:
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_ed25519Conclusion
Your Ubuntu 26.04 LTS server now requires SSH key authentication, eliminating password brute-force risk. Store your private key securely and never share it. Back up your key pair to a safe location.
