Server Connection Guide: SSH Public/Private Key Authentication

EEva·February 26, 2026·2 min read

How It Works

The core logic of SSH passwordless login is "trust the key, not the person": store your local computer's public key in the server's trusted whitelist (authorized_keys). Once the local private key successfully pairs with the public key on the server, you can log in directly without
entering a password.

The local private key pairs with the public key on the server, allowing direct login without a password.

Step-by-Step Guide

Step 1: Get the Public Key on Your Local Machine

$ cd ~/.ssh                      # Navigate to the local SSH config directory
$ ls                             # List directory contents
$ cat id_ed25519.pub             # Display the public key
  • What this does: Go to the local key storage directory (~/.ssh), find your public key file (with the .pub suffix, standing for Public), and copy the entire content starting with ssh-ed25519....
  • Note: This uses the ed25519 algorithm, which is the currently recommended type — more secure, shorter, and faster to parse than traditional RSA.

Step 2: Configure the Whitelist on the Remote Server

ubuntu@VM-0-14-ubuntu:~$ cd .ssh           # Navigate to the server's SSH directory
ubuntu@VM-0-14-ubuntu:~/.ssh$ ls            # List existing files
ubuntu@VM-0-14-ubuntu:~/.ssh$ vim authorized_keys # Edit the trusted key list
  • What this does: After logging into the server, open the authorized_keys file that stores the trusted key list.
  • Final action: Paste the local public key copied in Step 1 on a new line. Save and exit vim (press Esc, type :wq, then Enter).

Step 3: Enjoy Passwordless Login

Now, simply type ssh ubuntu@SERVER_IP in your local terminal to connect instantly — no password prompt.

Key Files Explained

File Purpose Location Can it be exposed?
id_ed25519 Private Key: the sole credential that proves "you are you". Local machine 🚫 Absolutely not
id_ed25519.pub Public Key: used by others to verify "you are indeed you". Local machine / target device ✅ Safe to share
authorized_keys Trusted whitelist: contains all public keys allowed to log in to this server without a password. Remote server 🔒 Admin-only access

💡 Tip: If you're on a new machine and don't even have the id_ed25519 file from Step 1, simply run ssh-keygen -t ed25519 locally to generate one. For the copy-paste operation above, you can also use a single command instead: ssh-copy-id ubuntu@SERVER_IP.

#SSH
home