How to Generate SSH Key Pair

Prerequisites

Before generating SSH keys, make sure you have:

Access to your local computer terminal (Linux/Mac) or Git Bash/PuTTYgen (Windows)
Your server IP address and username ready

💡 SSH keys are more secure than passwords and enable passwordless login. This is a one-time setup per computer.

What are SSH Keys?

SSH keys come in pairs:

Private key - Stays on your local computer (NEVER share this)
Public key - Goes on your server (safe to share)

Method 1: Generate SSH Key on Linux/Mac

Step 1: Open Terminal

On Linux: Press Ctrl+Alt+T
On Mac: Open Terminal from Applications/Utilities

Step 2: Generate Key Pair

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

For Ed25519 (newer, more secure):

ssh-keygen -t ed25519 -C "your_email@example.com"

Step 3: Choose Save Location

Press Enter to accept default: ~/.ssh/id_rsa

Step 4: Set Passphrase (Recommended)

Enter a passphrase to encrypt your private key:

Enter passphrase (empty for no passphrase): [type a secure passphrase]
Enter same passphrase again: [type again]

Output should show:

Your identification has been saved in /home/user/.ssh/id_rsa
Your public key has been saved in /home/user/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:abc123... your_email@example.com

Method 2: Generate SSH Key on Windows

Option A: Using PowerShell (Windows 10/11)

ssh-keygen -t rsa -b 4096

Option B: Using PuTTYgen

Download PuTTY from https://www.putty.org/
Run PuTTYgen.exe
Select RSA (or Ed25519)
Set Number of bits to 4096
Click Generate (move mouse randomly)
Add a Key passphrase (optional but recommended)
Click Save private key (save as .ppk file)
Copy the public key from the text box
Click Save public key (save as .pub file)

View Your Keys

List your keys:

ls -la ~/.ssh/

View public key:

cat ~/.ssh/id_rsa.pub

Example output:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQ... your_email@example.com

Copy Public Key to Server

Method A: Using ssh-copy-id (Linux/Mac)

ssh-copy-id username@YOUR_SERVER_IP

Replace username with hxroot or your sudo user.

Method B: Manual Copy

First, connect to server:

ssh username@YOUR_SERVER_IP

Create .ssh directory if not exists:

mkdir -p ~/.ssh

chmod 700 ~/.ssh

Add your public key:

nano ~/.ssh/authorized_keys

Paste your public key (from ~/.ssh/id_rsa.pub on your local machine)

chmod 600 ~/.ssh/authorized_keys

Method C: One-liner (if you have password access)

cat ~/.ssh/id_rsa.pub | ssh username@YOUR_SERVER_IP "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Test SSH Key Login

Exit your current session and try connecting:

ssh username@YOUR_SERVER_IP

If you set a passphrase, you'll be prompted for it. If not, you'll connect directly.

Optional: Disable Password Authentication

After confirming keys work:

sudo nano /etc/ssh/sshd_config

Find and change:

PasswordAuthentication no

Restart SSH:

sudo systemctl restart sshd

⚠️ Only disable passwords after confirming SSH key login works!

Multiple SSH Keys for Different Servers

Create a config file:

nano ~/.ssh/config

Add:

Host hostxpeed-prod
    HostName 148.113.173.106
    User hxroot
    Port 22
    IdentityFile ~/.ssh/id_rsa_hostxpeed

Host work-server
    HostName 10.0.0.5
    User admin
    Port 2222
    IdentityFile ~/.ssh/id_rsa_work

Now connect with:

ssh hostxpeed-prod

Add SSH Key to SSH Agent (Avoid Typing Passphrase Repeatedly)

eval "$(ssh-agent -s)"

ssh-add ~/.ssh/id_rsa

Make it permanent by adding to ~/.bashrc:

echo 'eval "$(ssh-agent -s)"' >> ~/.bashrc
echo 'ssh-add ~/.ssh/id_rsa' >> ~/.bashrc

Troubleshooting

Permission denied (publickey):

Check ~/.ssh/authorized_keys on server has your public key
Verify permissions: ~/.ssh (700), authorized_keys (600)
Check SSH config allows PubkeyAuthentication yes

Bad permissions on ~/.ssh/config:

chmod 600 ~/.ssh/config

✅ You have generated an SSH key pair and set up passwordless authentication to your Hostxpeed VPS.