DeployWise
HomeGuidesSSH Key Setup for VPS
SSHVPSSecurityLinux

SSH key setup for VPS: the complete guide

SSH keys are the secure, modern way to access your VPS. This guide walks you through generating keys, adding them to your server, disabling password auth, and troubleshooting common issues — all in 5 minutes.

5 min read
Updated 2026

Why SSH keys instead of passwords?

SSH passwords are vulnerable. Attackers run millions of brute-force login attempts every hour. SSH keys eliminate this threat entirely:

Passwords

Weak, guessable, reused, sent over network

SSH Keys

Mathematically impossible to crack, local authentication, can be restricted

Best practice: Use SSH keys for all production servers, disable password authentication entirely, and manage access via key files instead.

Generating your first SSH key pair

SSH keys use public-key cryptography. You generate a pair: a public key (goes on the server) and a private key (stays on your computer, never shared). Generate the key on your local machine:

bash
ssh-keygen -t ed25519 -C "your-email@example.com"

You'll be prompted for:

File location
Default: ~/.ssh/id_ed25519
Press Enter to use default
Passphrase
Default: (empty)
Press Enter (or set a passphrase for extra security)

Ed25519 vs RSA: Use Ed25519 (shown above) — it's smaller, faster, and more secure than the older RSA-4096. If you need RSA for compatibility, use ssh-keygen -t rsa -b 4096.

Adding your key to the VPS

You have two options: use the automatic ssh-copy-id tool (easiest), or copy manually (needed if your host blocks ssh-copy-id).

Option 1: Using ssh-copy-id (recommended)

The easiest way — you still need to log in with a password one more time:

bash
ssh-copy-id -i ~/.ssh/id_ed25519 root@your-vps-ip

Replace root with your username and your-vps-ip with your server's IP address. Enter your password when prompted. Done — your public key is now on the server!

Option 2: Manual copy (if ssh-copy-id doesn't work)

Step 1: Get your public key content:

bash
cat ~/.ssh/id_ed25519.pub

This outputs a long string starting with ssh-ed25519. Copy the entire output.

Step 2: SSH into your server (one last time with password) and add the key:

bash
ssh root@your-vps-ip

# On the server, create the .ssh directory if it doesn't exist
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# Add your public key to authorized_keys
echo "paste-your-public-key-here" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

# Exit the server
exit

The file must be called authorized_keys (in the ~/.ssh directory) and have exact permissions (700 for directory, 600 for file).

Test SSH key login

After adding your key, try logging in without a password:

bash
ssh -i ~/.ssh/id_ed25519 root@your-vps-ip

If you used the default location and filename, you can simplify this to:

bash
ssh root@your-vps-ip

SSH automatically tries keys in ~/.ssh/id_*. If it works, you're done! If not, check the troubleshooting section below.

Disable password authentication

Once your key is working, disable password logins to close the door on brute-force attacks. SSH into your server:

bash
ssh root@your-vps-ip

# Open the SSH config
sudo nano /etc/ssh/sshd_config

Find and modify these lines (search with Ctrl+W in nano):

sshd_config
# Change these lines:
PasswordAuthentication yes    → PasswordAuthentication no
PubkeyAuthentication no       → PubkeyAuthentication yes
PermitRootLogin yes           → PermitRootLogin prohibit-password  # or no

# Make sure this is uncommented:
PubkeyAuthentication yes

Save with Ctrl+X, then Y, then Enter. Restart SSH:

bash
sudo systemctl restart sshd

Critical: Keep your SSH session open while testing! Open a new terminal tab and verify you can still log in with your key before closing the original session. If you lock yourself out, you may lose access to your server.

Managing multiple SSH keys

If you have multiple servers or accounts, use an SSH config file to manage keys. Create or edit ~/.ssh/config:

~/.ssh/config
Host my-vps
  HostName your-vps-ip
  User root
  IdentityFile ~/.ssh/id_ed25519
  Port 22

Host production
  HostName prod.example.com
  User deploy
  IdentityFile ~/.ssh/id_production
  Port 2222

Host github
  HostName github.com
  User git
  IdentityFile ~/.ssh/id_github

Now you can connect simply:

bash
ssh my-vps              # Uses the first key
ssh production          # Uses the production key
ssh github              # Uses the GitHub key

Make sure the permissions are correct:

bash
chmod 600 ~/.ssh/config

Connecting DeployWise with SSH keys

DeployWise uses SSH keys to connect to your VPS and manage deployments. Here's how to add your server to DeployWise:

1
Go to DeployWise dashboard
Navigate to Servers > Add Server
2
Enter your VPS details
IP address, username (usually root), and port (default 22)
3
Paste your private key
Copy the entire content of ~/.ssh/id_ed25519 and paste it in DeployWise
4
Test the connection
DeployWise will verify SSH access to your server

Security note: Never share your private key with anyone. DeployWise stores it encrypted. Your private key is the master key to your server — treat it like a password.

Troubleshooting SSH key issues

Permission denied (publickey)
  • Check that ~/.ssh/authorized_keys exists on the server with correct permissions (600)
  • Verify your public key is in authorized_keys: grep 'ssh-ed25519' ~/.ssh/authorized_keys
  • Check sshd_config has PubkeyAuthentication yes
  • Restart SSH: sudo systemctl restart sshd
Key is in wrong format
  • If your key file doesn't start with ssh-ed25519, regenerate it using ssh-keygen -t ed25519
  • Never paste the private key (id_ed25519) anywhere — only the public key (id_ed25519.pub)
  • Check the correct file: cat ~/.ssh/id_ed25519.pub (note the .pub extension)
ssh-copy-id not found or not working
  • On macOS, ensure OpenSSH is installed: brew install openssh
  • On Windows with WSL, use ssh-copy-id from WSL terminal, not PowerShell
  • If your host doesn't support ssh-copy-id, use the manual Option 2 method
Agent refused operation / too many authentication failures
  • You have too many keys in ssh-agent. Specify the key explicitly: ssh -i ~/.ssh/id_ed25519 root@ip
  • Clear cached keys: ssh-add -D
  • Add only your active key: ssh-add ~/.ssh/id_ed25519
Host key verification failed
  • This is normal the first time you connect. Type 'yes' to add the host to known_hosts
  • If you get this repeatedly, your server's SSH host key may have changed — contact your host

Best practices checklist

Use Ed25519 keys for all new servers (smaller, faster, more secure)
Never share or commit your private key (id_ed25519) to git or anywhere public
Use a passphrase on your private key if you handle sensitive deployments
Disable password authentication on all production servers
Keep your private key backed up securely (encrypted external drive, not cloud)
Regenerate keys for any account that may be compromised
Use ~/.ssh/config to organize multiple keys and hosts
Verify file permissions: 700 for ~/.ssh directory, 600 for authorized_keys and private keys
Rotate old RSA keys to Ed25519 when you have time
Review ~/.ssh/authorized_keys regularly and remove old/unused keys

Ready to deploy with secure SSH keys?

DeployWise automates server access, deployments, and monitoring — all secured with SSH key authentication. Add your VPS and start deploying in seconds.

Launch DeployWise
Related guides
Deploy Next.js to VPS
Complete deployment guide
Next.js + PM2 + Nginx
Production server setup
PM2 + Nginx Production Setup
Server configuration guide
Vercel Alternative
Self-hosted deployment platform