What you will achieve
Passwordless SSH login using ed25519 keys, with correct permissions and a tested second session before hardening.
1) Generate a key pair (on your client machine)
ssh-keygen -t ed25519 -a 64 -f ~/.ssh/id_ed25519 -C "your_email@example.com"
Set a passphrase when prompted. It encrypts the private key on disk, which protects the key if the laptop is compromised.
2) Install the public key on the server
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@server.example.com
Manual alternative on server:
mkdir -p ~/.ssh && chmod 700 ~/.ssh
nano ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
Paste the single-line public key. Never paste the private key.
3) Test before locking yourself out
Open a second terminal and connect:
ssh -i ~/.ssh/id_ed25519 user@server.example.com
Keep the original session open until key login works.
4) Harden sshd (optional, after keys work)
Edit /etc/ssh/sshd_config on the server:
PasswordAuthentication no
PermitRootLogin no
PubkeyAuthentication yes
Save the file, then reload sshd:
sudo systemctl reload sshd
Confirm you still have key-based access in another window before closing all sessions.
5) Client config shortcut
Host myserver
HostName server.example.com
User deploy
IdentityFile ~/.ssh/id_ed25519
Add to ~/.ssh/config with mode 600.
Verify
Login succeeds with key + passphrase. Password login fails only after you intentionally disable it and retest.
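The permission and sshd_config checks from steps 2 and 4 as a script (an added example, not part of the original guide). sshd uses the first value it obtains for each keyword, so an earlier line or an included file can override your edit; the script therefore checks the effective settings printed by sshd -T. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the modes from step 2 and the sshd settings from step 4.

# check_mode PATH OCTAL: succeeds only if PATH exists with exactly that mode.
check_mode() {
    # GNU/busybox stat takes -c, BSD/macOS stat takes -f.
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1" 2>/dev/null) || return 2
    [ "$mode" = "$2" ]
}

# check_effective: reads `sshd -T` output (lowercase "keyword value" lines)
# on stdin and fails if any of the three directives from step 4 differs.
check_effective() {
    awk '
        BEGIN {
            want["passwordauthentication"] = "no"
            want["permitrootlogin"] = "no"
            want["pubkeyauthentication"] = "yes"
        }
        { k = tolower($1) }
        (k in want) && !(k in seen) { seen[k] = tolower($2) }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) { printf "MISSING %s\n", k; bad = 1 }
                else if (seen[k] != want[k]) {
                    printf "FAIL %s is %s, want %s\n", k, seen[k], want[k]; bad = 1
                }
            }
            exit bad
        }'
}

# Constructed sample: effective config where an included file kept passwords on.
SAMPLE_BAD='port 22
passwordauthentication yes
permitrootlogin no
pubkeyauthentication yes'

printf '%s\n' "$SAMPLE_BAD" | check_effective || echo "sample: not hardened yet"

# On the real server, run instead:
#   sudo sshd -T | check_effective
#   check_mode "$HOME/.ssh" 700 && check_mode "$HOME/.ssh/authorized_keys" 600
```

Run the real-server commands after the reload in step 4 and while the original session is still open.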