What Is SSH?

SSH (Secure Shell) is an encrypted protocol for securely accessing and controlling remote computers over a network. It is the standard way to manage Linux servers, Raspberry Pis, cloud instances (AWS, DigitalOcean, Google Cloud) and network devices from the command line.

Step 1: Generate an SSH Key Pair

  1. 1

    Open Terminal (Mac/Linux) or PowerShell/Windows Terminal (Windows)

    SSH is built into macOS, Linux and Windows 10/11. No additional software needed.

  2. 2

    Generate the key pair

    Run: ssh-keygen -t ed25519 -C "your_email@example.com". Press Enter to accept the default file location (~/.ssh/id_ed25519). Enter a passphrase (strongly recommended) or press Enter for no passphrase. This creates two files: id_ed25519 (private key — never share this) and id_ed25519.pub (public key — goes on servers).

Step 2: Copy Your Public Key to the Server

  1. 3

    Use ssh-copy-id (easiest)

    Run: ssh-copy-id username@server-ip-address. Enter your password when prompted. This automatically adds your public key to the server’s ~/.ssh/authorized_keys file.

  2. 4

    Manual method if ssh-copy-id is unavailable

    Copy your public key: cat ~/.ssh/id_ed25519.pub. Log into the server with your password. Run: mkdir -p ~/.ssh && echo "PASTE_KEY_HERE" >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys. Replace PASTE_KEY_HERE with the full public key text.

Step 3: Connect

  1. 5

    SSH into the server

    Run: ssh username@server-ip-address. If you added a passphrase to your key, enter it. You are now connected.

Step 4: Disable Password Authentication (Security Best Practice)

  1. 6

    Edit the SSH server configuration

    On the server, edit the SSH config: sudo nano /etc/ssh/sshd_config. Find and set: PasswordAuthentication no. Save (Ctrl+X, Y, Enter). Restart SSH: sudo systemctl restart sshd. Now only key-based authentication works. Ensure your key works before doing this or you will lock yourself out.

SSH config file for convenienceCreate or edit ~/.ssh/config on your local machine to save connection shortcuts. Add: Host myserver / HostName server-ip / User username. Then connect simply with: ssh myserver instead of the full command each time.

Frequently Asked Questions

SSH keys are cryptographically far stronger than passwords. A typical SSH key is equivalent to a password of 50+ random characters. Keys also enable automated connections (scripts, CI/CD pipelines) without stored passwords. Password-based SSH is vulnerable to brute-force attacks; key-based authentication is not. Production servers should always use key-based authentication with password authentication disabled.
Windows 10 and 11 include OpenSSH built-in. Open PowerShell or Windows Terminal and use the same ssh commands as Mac and Linux. Alternatively, PuTTY is a free Windows SSH client with a graphical interface. Windows Subsystem for Linux (WSL) provides a full Linux environment with SSH if you prefer a Unix-like experience.