Scalar
Blog
July 3, 2025

How to Generate SSH Keys and Connect to Your VPS Securely (2025 Guide)

How to generate SSH keys and set up secure, password-free VPS access on Linux, Windows, and macOS with best practices.

Max Diamond
Max Diamond
6 mins read

You’ve just spun up your first VPS and need to connect securely. While you could keep using passwords, there’s a better way. SSH keys eliminate the need to type passwords every time you connect, and they’re far more secure than any password you could create.

SSH keys work using public-key cryptography: you generate a pair of keys (one private, one public), keep the private key on your computer, and place the public key on your server. When you connect, the server checks if your private key matches the public key on file. If they match, you’re in.

By the end of this guide, you’ll know how to generate SSH keys, upload them to your VPS, and connect securely without passwords. We’ll also cover common mistakes and how to fix them when things go wrong.

TLDR

Terminal window
# Generate key
ssh-keygen -t ed25519 -C "[email protected]"


# Copy to server
ssh-copy-id -i ~/.ssh/id_ed25519.pub [email protected]


# Connect
ssh [email protected]

Why SSH Keys Are (Still) the Secure Choice

  • Unphishable: There’s no password to steal or reuse.
  • Strong cryptography: Ed25519 keys are small, fast, and secure.
  • Local protection: You can encrypt the private key with a passphrase.
  • Granular access: A key can be limited to specific users, hosts, or commands.
  • Auditable & revocable: Remove one public key without affecting others.
  • VPS logins (e.g., Ubuntu/Debian servers you manage with Serversinc).
  • Git operations with GitHub/GitLab/Bitbucket.
  • Automations/CI that need server access without interactive passwords.
  • Tunneling/port-forwarding for secure access to internal services.

Generating Your SSH Key Pair

Always use Ed25519 unless you’re connecting to very old systems (pre-2014). It’s faster, more secure, and creates smaller keys than RSA.

Terminal window
ssh-keygen -t ed25519 -C "[email protected]"

When prompted:

  • File location: Press Enter for default (~/.ssh/id_ed25519) or specify a custom path
  • Passphrase: Always use one for VPS access** - it’s your last line of defense if someone gets your private key

You’ll see output like:

Your identification has been saved in /home/you/.ssh/id_ed25519
Your public key has been saved in /home/you/.ssh/id_ed25519.pub

Set Correct Permissions

This is crucial - SSH will refuse to work if permissions are too open:

Terminal window
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 644 ~/.ssh/id_ed25519.pub

Uploading Your Public Key to Your VPS

You need to get your public key (the .pub file) onto your server. Never upload your private key.

Terminal window
ssh-copy-id -i ~/.ssh/id_ed25519.pub [email protected]

This automatically creates the right directories and sets correct permissions.

Method 2: Manual Upload

If ssh-copy-id isn’t available:

  1. Display your public key:
Terminal window
cat ~/.ssh/id_ed25519.pub

  1. Copy the entire output (it should be one long line starting with ssh-ed25519)

  2. Connect to your server with password:

Terminal window
ssh [email protected]
  1. Create the SSH directory and add your key:
Terminal window
mkdir -p ~/.ssh
echo "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI... [email protected]" >> ~/.ssh/authorized_keys
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Testing Your SSH Key

Try connecting with your key:

Terminal window
ssh -i ~/.ssh/id_ed25519 [email protected]

If you used the default key name (id_ed25519), you can omit the -i flag:

Terminal window
ssh [email protected]

You should be prompted for your passphrase (not your server password). After entering it, you should be logged in.

Create ~/.ssh/config to simplify connections:

Host myserver
    HostName your-server.com
    User yourusername
    IdentityFile ~/.ssh/id_ed25519
    IdentitiesOnly yes

Now you can connect with just:

Terminal window
ssh myserver

Security Best Practices

1. Disable Password Authentication (After Testing SSH Keys)

Once SSH keys work, disable password login on your server:

Terminal window
sudo nano /etc/ssh/sshd_config

Change or add these lines:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Restart SSH:

Terminal window
sudo systemctl restart sshd

2. Key Management Rules

  • Never share your private key, treat it like a password
  • Use passphrases for any key that accesses servers
  • Separate keys for different servers/services
  • Store encrypted backups of your keys securely

3. Additional Server Hardening

  • Change SSH port from default 22: Port 2222 in sshd_config
  • Disable root login: PermitRootLogin no
  • Use fail2ban to block brute force attempts

Common Mistakes and How to Fix Them

”Permission denied (publickey)”

Most common causes:

  1. Wrong permissions - Fix with:
Terminal window
chmod 700 ~/.ssh
chmod 600 ~/.ssh/id_ed25519
chmod 600 ~/.ssh/authorized_keys  # on server
  1. Public key not properly added - Check the server’s ~/.ssh/authorized_keys:
Terminal window
cat ~/.ssh/authorized_keys

Should be one long line per key, no line breaks.

  1. Wrong username or hostname - Double-check these match your server setup.

”Too many authentication failures”

SSH tries multiple keys and gives up after 6 attempts. Use IdentitiesOnly yes in your SSH config, or specify the exact key:

Terminal window
ssh -o IdentitiesOnly=yes -i ~/.ssh/id_ed25519 user@server

“Connection timed out”

  • Check if SSH service is running: sudo systemctl status sshd
  • Verify the port (default 22): ssh -p 2222 user@server if changed
  • Check firewall settings: sudo ufw status

Key Not Found Errors

SSH looks for keys in specific locations. If you used a custom name, either:

  • Specify it: ssh -i ~/.ssh/custom_key user@server
  • Or add to SSH config with IdentityFile directive

Accidentally Uploaded Private Key

If you accidentally put your private key in authorized_keys:

  1. Remove it immediately: nano ~/.ssh/authorized_keys
  2. Generate a new key pair
  3. The old private key is now compromised

What to Do If You Get Locked Out

Prevention is better than cure, but if you lose access:

  1. VPS providers usually offer console access through their web panel
  2. Recovery mode or rescue system (most VPS providers support this)
  3. Backup access method, always keep password authentication enabled until you’re 100% sure SSH keys work
  4. Snapshot/backup your server before making SSH changes

Troubleshooting with Verbose Output

When things go wrong, add -vvv for detailed debugging:

Terminal window
ssh -vvv [email protected]

This shows exactly what SSH is trying and where it fails.

Platform-Specific Notes

Windows (PowerShell)

Windows 10/11 include OpenSSH:

Terminal window
ssh-keygen -t ed25519 -C "[email protected]"

Keys are stored in: C:\Users\YourName\.ssh\

macOS

Add key to keychain to avoid repeated passphrase prompts:

Terminal window
ssh-add --apple-use-keychain ~/.ssh/id_ed25519

Conclusion

SSH keys are essential for secure VPS management. They’re more secure than passwords, more convenient once set up, and industry standard for server access. Take time to set them up properly - the security benefits are worth the initial effort.

Remember: protect your private key like a password, use passphrases, and always test your setup before disabling password authentication.

Wrap-up

Deploying apps shouldn’t be complicated or expensive. Serversinc gives you the features of a managed hosting platform while keeping full control of your own servers.

If that’s the way you want to ship projects, create a free Serversinc account, try a 14-day free trial .