Configure SSH Keys
In this article, we will look at how to create SSH keys on devices with different operating systems and how to copy them to a server for SSH connections.
Create SSH Keys
Follow these steps to create an SSH key pair on your local machine.
- Launch a terminal or Windows PowerShell on your computer and run the command:
  ssh-keygen
  You will see a similar message:
  Generating public/private rsa key pair.
  Enter file in which to save the key (/home/user/.ssh/id_rsa):
- Press Enter to save the key to the default directory.
- Next, set a passphrase or press Enter to leave it blank. Using a passphrase increases security, but you will have to enter it every time you log in to the server.
That’s it; the keys are created.
The private key will be stored on your machine, while the public key should be copied to the server. This can be done manually as described below or, more conveniently, by using your Hostman control panel.
Create SSH Keys with PuTTY
Old Windows versions don’t have OpenSSH, so you'll need a special program, PuTTYgen. You can download the puttygen.exe distribution from the official PuTTY website.
- Launch the program.
- Select RSA in the Type of key to generate block and click Generate.
- Move your mouse randomly in the space below the loading line to generate random values.
- After the key is created, you can set the Key passphrase. This is optional; you can leave the line blank. If you choose to set a passphrase, please note that you will need to enter it each time you log in using the key.
- Next, save the created keys by clicking on the Save public key and Save private key buttons, for example, as id_rsa.pub and mykey.ppk.
- Also, copy and save the contents of the Public key for pasting... window as a text file, as you will need them later when copying the SSH key to the server or the Hostman panel.
Copy an SSH Key to the Server
Run the following command on your local computer's terminal. In place of user, enter a username created on the server, and in place of server, enter the server IP address.
Linux and MacOS
ssh-copy-id user@server
For example:
ssh-copy-id root@38.62.228.244
Windows
type $env:USERPROFILE\.ssh\id_rsa.pub | ssh user@server "cat >> .ssh/authorized_keys"
For example:
type $env:USERPROFILE\.ssh\id_rsa.pub | ssh root@38.62.228.244 "cat >> .ssh/authorized_keys"
As a result, the contents of the id_rsa.pub file with the public key will be copied to the ~/.ssh/authorized_keys file on the server, and in the future, you will be able to establish a connection to the server using the command:
ssh user@server
For example:
ssh root@38.62.228.244
Windows (with PuTTY)
On older Windows versions, you will need the pageant utility to copy the SSH key to your server. You can download the pageant.exe distribution from the official PuTTY website.
- Connect to the server over SSH with PuTTY and run the following commands to create the file that stores the keys:
  mkdir -p ~/.ssh
  chmod 0700 ~/.ssh
  touch ~/.ssh/authorized_keys
  chmod 0644 ~/.ssh/authorized_keys
- Open the file:
  nano ~/.ssh/authorized_keys
- Paste the public key text, previously copied from the PuTTYgen window, into it and save the file.
- Launch pageant. Its icon will appear in the tray. Right-click on it and select Add Key.
- Enter the path to the private key mykey.ppk, saved earlier, and click Open. If you added a passphrase when creating the key, pageant will ask for it at this stage.
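The manual steps above, like the Windows cat >> one-liner earlier, append whatever they are given, so a repeated run duplicates the key and a file saved with PuTTYgen's Save public key button (a multi-line format) is written as-is. The function below is an added example, not code from the original article: install_pubkey, its return codes and the sample key are assumptions, the key is a constructed placeholder rather than a real one, and it sets authorized_keys to 0600, which is tighter than the 0644 used above.

```sh
#!/bin/sh
# Added example: install a public key into authorized_keys, safe to repeat.
# install_pubkey and its return codes are hypothetical names for illustration.

# install_pubkey PUBKEY_FILE [HOME_DIR]
# returns 0 = key added, 1 = input rejected, 2 = key already present
install_pubkey() {
    pub=$1; home=${2:-$HOME}; auth=$home/.ssh/authorized_keys
    # OpenSSH expects a single line: "type base64-blob [comment]".
    [ "$(grep -c '' "$pub")" -eq 1 ] || return 1
    read -r type blob comment < "$pub" || :
    case $type in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp*|sk-*) ;;
        *) return 1 ;;   # a private key, or a multi-line exported key file
    esac
    [ -n "$blob" ] || return 1
    # Directory and file must not be writable by group or others.
    mkdir -p "$home/.ssh" && chmod 0700 "$home/.ssh" || return 1
    touch "$auth" && chmod 0600 "$auth" || return 1
    # Match on type and blob so a changed comment does not add a duplicate.
    if grep -qF -- "$type $blob" "$auth"; then return 2; fi
    printf '%s\n' "$(cat "$pub")" >> "$auth"
}

# Constructed sample: placeholder key text, not a usable key.
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedPlaceholderKey me@laptop' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/home" && echo "first run: added"
install_pubkey "$demo/id.pub" "$demo/home" || echo "second run: rc=$? (already present)"
rm -rf "$demo"
```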
To check that key authorization works, run PuTTY, connect to your server, and enter your login. If everything is configured correctly, you will see an output similar to this in the console window:
Authenticating with public key "rsa-key-20151220" from agent
Disable Password Authentication
You can disable password authentication on your server to ensure that it can only be accessed with the SSH key. To do this, you need to edit the /etc/ssh/sshd_config file on your server.
- Connect to the server via SSH and open the file with the command:
  sudo nano /etc/ssh/sshd_config
- Find the PasswordAuthentication line in it and replace its value with:
  PasswordAuthentication no
- Save the changes, then restart the SSH service:
  sudo service ssh restart
Troubleshooting
If you are unable to connect using an SSH key, check the SSH logs on the server:
sudo journalctl -u ssh
If the logs contain the following entry:
userauth_pubkey: key type ssh-rsa not in PubkeyAcceptedAlgorithms [preauth]
this indicates that support for ssh-rsa (RSA with SHA-1) is disabled on the server. In this case, you can resolve the issue using one of the following approaches.
Option 1 (Recommended). Generate a new key using a more secure algorithm.
For a stronger RSA key:
ssh-keygen -t rsa -b 4096 -o -a 100
Alternatively, generate an Ed25519 key:
ssh-keygen -t ed25519
After generating the key, upload the new public key to the server.
Option 2. Allow authentication using ssh-rsa by updating the SSH daemon configuration.
Add the following lines to /etc/ssh/sshd_config.d/enable_rsa_keys.conf:
HostKeyAlgorithms +ssh-rsa
PubkeyAcceptedKeyTypes +ssh-rsa
Then restart the SSH service:
sudo systemctl restart sshd
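Both the PasswordAuthentication edit in Disable Password Authentication and the enable_rsa_keys.conf drop-in above depend on the order in which sshd reads its files: the first value it reads for a keyword is the one it applies, so a drop-in loaded by an Include line above your edit overrides it. The script below is an added example, not part of the original article or Hostman's tooling; walk_config, effective_value, make_sample and the 50-example.conf file name are assumptions, and the sample configuration is constructed.

```sh
#!/bin/sh
# Added example: report which value of a keyword sshd would apply, and from
# which file, using first-value-wins ordering across Include lines.

# walk_config KEYWORD FILE: print "value<TAB>file" for each global (non-Match)
# setting of KEYWORD in read order. Assumes "Keyword value" syntax; relative
# Include paths resolve beside the including file (sshd itself uses /etc/ssh).
walk_config() (
    kw=$1; file=$2; dir=$(dirname "$2"); in_match=0
    while read -r key val rest || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case $key in
            ''|'#'*) ;;
            match) in_match=1 ;;          # later lines in this file are conditional
            include)
                if [ "$in_match" -eq 0 ]; then
                    case $val in /*) pat=$val ;; *) pat=$dir/$val ;; esac
                    for inc in $pat; do   # glob expands in sorted order
                        if [ -f "$inc" ]; then walk_config "$kw" "$inc"; fi
                    done
                fi ;;
            "$kw")
                if [ "$in_match" -eq 0 ]; then
                    printf '%s\t%s\n' "$val" "$file"
                fi ;;
        esac
    done < "$file"
)

# effective_value KEYWORD FILE: the first occurrence, i.e. the one that applies.
effective_value() {
    walk_config "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" "$2" | head -n 1
}

# make_sample DIR: constructed files where a drop-in overrides the main file.
make_sample() {
    mkdir -p "$1/sshd_config.d"
    printf 'Include sshd_config.d/*.conf\nPasswordAuthentication no\n' > "$1/sshd_config"
    printf 'PasswordAuthentication yes\n' > "$1/sshd_config.d/50-example.conf"
}

tmp=$(mktemp -d) && make_sample "$tmp"
effective_value PasswordAuthentication "$tmp/sshd_config"   # value, then source file
rm -rf "$tmp"
```

On a real server, sudo sshd -t validates the configuration files before you restart the service, and sudo sshd -T prints the settings the daemon will actually apply.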