LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

How do you switch from password to key-based SSH authentication?

Generate a key pair, push the public half to the server with ssh-copy-id, confirm key login works, then turn off PasswordAuthentication — in that order, so you never lock yourself out.

The sequence matters because the last step closes the password door behind you. If you disable passwords before confirming your key works, and the key is misconfigured, you have no way back in.

Steps to set up key-based authentication:

# 1. Generate key pair on client
ssh-keygen -t rsa -b 4096

# 2. Copy public key to server
ssh-copy-id user@server

# 3. Test key-based login
ssh user@server

# 4. (Optional) Disable password auth on server
sudo vim /etc/ssh/sshd_config

Important sshd_config settings:

# Disable root SSH login
PermitRootLogin no
# Require key auth
PasswordAuthentication no

After config changes:

sudo systemctl restart sshd

Best practices:

  • Disable root login (PermitRootLogin no)
  • Disable password auth after keys work
  • Use ssh-agent to cache key passphrase
  • Use strong passphrase on private key

Warning: Test key login works BEFORE disabling password auth, or you may lock yourself out!

Go deeper:

From Quiz: LIOS / User Management and Permissions | Updated: Jul 05, 2026