How To Set Up SSH Keys on Ubuntu 16.04



We’ll show you how to set up SSH keys on Ubuntu 16.04. SSH or Secure SHELL is the most popular and trusted UNIX-based cryptographic network protocol. It can be used for a secure data communication, remote server logins, remote command execution, and many other secure network services between two networked servers. Normally, password authentication is used to connect to a remote server via SSH but in this tutorial we will show you how to login to your Ubuntu 16.04 VPS using SSH keys. We will generate a key pair (private and public key), place the private key on your server and then use your locally stored private key to gain access to your server. This method provides a more secure way of connecting to your server, instead of just using a password.

During the course of this tutorial, we will also explain how to generate an SSH key pair on both Linux and a Windows operating system.

1. Generating SSH keys on Ubuntu 16.04

To generate the SSH key pair, simply run the following command from the terminal on your local Ubuntu 16.04 based computer:


You can just press Enter to leave the default values to all the questions. Optionally, you can also set a passphrase to add an extra layer of security, or just press Enter again if you don’t want to.

Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/
The key fingerprint is:
SHA256:2QB/eJ39/4N7Q3PRSghNJmglX6hh2pSqQ3uGHhfd7Og [email protected]
The key's randomart image is:
+---[RSA 2048]----+
|       . .+o++   |
|       oB+o=.o   |
|       O+=+.o.. .|
|    . + +*o . .o.|
|   . + .So.  . .o|
|    * + . .   .oo|
|   . * .      o +|
|     .   E   . +.|
|             .o +|

This will create a 2048 bit private and public key (id_rsa and in the /root/.ssh/ directory on your local system.

Upload the Public Key to the Ubuntu 16.04 server with ssh-copy-id

The next step requires that you upload the generated public key to your remote Ubuntu server. There is more than one method to do this.

The most simple way is to use the ssh-copy-id utility. In order for this to work, you should be able to connect to your server via SSH using password authentication.

You can then use the following command to upload the public key to your remote server:

ssh-copy-id [email protected]_server

You will be asked to enter your user password (in our example that would be the root password) and press Enter. After the connection has been established, the contents of the (the public key) will be copied into the /root/ssh/authorized_keys file on the remote server.

The following output should be displayed:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh '[email protected]'"
and check to make sure that only the key(s) you wanted were added.

From now on, you should now be able to authenticate to your Ubuntu server using your SSH keys.

Upload the Public Key to the Ubuntu server manually

If the ssh-copy-id tool is not available on your system, you can log in to your server and do this manually.

First, connect yo your server via SSH with:

ssh [email protected]_server

Once connected, you will need to create a new .ssh directory on the remote server with the following command:

mkdir /root/.ssh

Next, you need to copy the public key into the authorized_keys file on the remote server. You can create and then add the contents of the public key using the nano text editor:

nano /root/.ssh/authorized_keys

You will also need to open the SSH configuration file:

nano /etc/ssh/sshd_config

and make sure the following lines exist and are not commented:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

Save the changes and restart the SSH service:

systemctl restart ssh

That’s it. From now on, you will be using the SSH keys every time you try to connect to your remote server.

2. Generating SSH keys on Windows based system with PuTTY and PuTTYGen

If you are using Windows operating system on your local machine, then you will need PuTTY for connecting to your server via SSH and PuTTYgen to generate your SSH keys. You can download them over here (

To generate the SSH keys, go ahead and start PuTTYGen on your computer.

At the bottom, you can choose the number of bits for your generated key. Type in 4096 and then click on Generate. Start moving your mouse around over the blank area on the PuTTYgen screen in order to generate a unique key based on your mouse movement input.

When the green progress bar fills in, the public key will be generated. You can copy they key and save it inside a .txt file on your computer.

To save the private key, you will need to click on the Save private key button. Additionally, you can also set a Key Passphrase for your private key.

Now you can open PuTTY and to assign the location of your private key, click on SSH under the Connection menu and then click on Auth. Click on the browse button and enter the location of your saved private key file.

Next, we need to upload the public key to your server. To do this, click on Session, enter your IP address and the SSH port number of your server, select SSH for Connection type and click on Open.

You will be asked for your user name and password. You can log in as user root, using your root password.

Once logged in to your server, first create the .ssh directory:

mkdir /root/.ssh

Then create the authorized_keys file inside the .ssh directory and add the contents of your public key inside this file:

nano /root/.ssh/authorized_keys

You can also open the SSH configuration file on your server with:

nano /etc/ssh/sshd_config

and make sure that the following lines exist and are not commented:

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

If any changes have been made, dont forget to restart the sshd service with:

systemctl restart ssh

With this, the SSH keys has been succesfully configurad.You can now disconnect from your server and exit PuTTY. The next time your try to connect to your server, PuTTY will use the public key that you have set up in order to establish the connection.

3. Disable Password Authentication

Once you have successfuly configured the SSH keys using either of the above methods and you made sure that you can login to your server using SSH key based authentication, you can disable password based authentication to your server. This will add additional layer of security and will prevent all brute force attacks towards your server.

To disable the password-based authentication, open the SSH configuration file with:

nano /etc/ssh/sshd_config

And uncomment the following line and set its value to “no”:

PasswordAuthentication no

Restart the sshd service with:

systemctl restart ssh

That’s it. You have successfully set up SSH keys on your Ubuntu 16.04 VPS.




Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.