Hands-on steps to run, harden and maintain an SSH server and its keys.

16.11.2025 | reading time: 2 min

Secure shell (SSH) is the gateway to remote Linux systems; this guide shows how to create keys, configure the server and keep key-based access safe and auditable.

From zero to key-based login

Create a modern keypair, deploy the public key to the server and switch off password logins with these commands:

```
ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519 -C admin@host
# follow prompts to add a passphrase
```

```
ssh-copy-id -i ~/.ssh/id_ed25519.pub user@server.example.com
# output will show how many keys were added
```

Edit the server config and reload:

```
# edit /etc/ssh/sshd_config
PubkeyAuthentication yes
PasswordAuthentication no
PermitRootLogin no

# then reload
sudo systemctl reload sshd
```

Then test with `ssh user@server.example.com` and verify you get a prompt without supplying a password.

Hardening and key lifecycle

Make changes safe: test the config with `sshd -t` before reloading. Restrict keys in `~/.ssh/authorized_keys` with options like `command=`, `from=` and `no-port-forwarding`, and use `ssh-agent` and `ssh-add` for cached passphrases. Rotate keys by generating a new key and replacing the public entry on servers, and revoke by removing the public key from `authorized_keys` or by updating a central key store. Use `ssh -v` for debug and `ssh-keygen -R host` to remove stale `known_hosts` entries.

Useful helpers

Several small tools make life easier: `ssh-copy-id` simplifies key deployment, `ssh-keyscan` helps fingerprint collection for automation, `sftp` and `scp` provide file transfer, and `rsync` over SSH is great for efficient backups; consider integrating SSH with central authentication or jump hosts for larger infrastructures.
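
`sshd -t` only validates syntax, so the following added example (not part of the original guide) checks that the three settings from the login section are the values sshd would actually use. The function names and the sample file are hypothetical, and the script assumes whitespace-separated `Keyword value` lines and upstream OpenSSH defaults; it does not follow `Include` files or evaluate `Match` blocks.

```sh
#!/bin/sh
# Added example: checks the global section of an sshd_config file for the
# three settings this guide changes. Assumptions: whitespace-separated
# "Keyword value" lines; Include files and Match blocks are not evaluated.

# effective_value FILE KEYWORD DEFAULT
# Keywords are case-insensitive and sshd uses the first value it reads, so
# the first occurrence wins; DEFAULT is printed when the keyword is absent.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                 # comments and blank lines
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE
# Prints PASS/FAIL per setting and returns non-zero if any setting fails.
# Third column: upstream OpenSSH defaults (a distribution may patch them).
audit_sshd_config() {
    rc=0
    while read -r key want def; do
        got=$(effective_value "$1" "$key" "$def")
        if [ "$got" = "$want" ]; then
            echo "PASS $key $got"
        else
            echo "FAIL $key $got (want $want)"
            rc=1
        fi
    done <<EOF
PubkeyAuthentication yes yes
PasswordAuthentication no yes
PermitRootLogin no prohibit-password
EOF
    return "$rc"
}

# Constructed sample: the later "PasswordAuthentication no" never takes
# effect because an earlier "yes" was read first.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'passwordauthentication yes' \
    'PubkeyAuthentication yes' 'PasswordAuthentication no' \
    'Match User backup' '    PermitRootLogin no' >"$sample"
audit_sshd_config "$sample" || echo "fix the config before reloading sshd"
rm -f "$sample"
```

On a live server, `sudo sshd -T` prints the effective configuration with `Include` files resolved and is the authoritative check.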

Next steps

Run the examples, then experiment with key options, agent forwarding and config Match blocks to fit your environment; mastering SSH is foundational for secure systems work, so deepen your Linux skills and consider formal certification (CompTIA Linux+ or LPIC-1); intensive exam preparation at bitsandbytes.academy can accelerate that path.