# How to Setup SSH Key Authentication to Linux

This how to consolidates several aspects of setting up SSH key access to a Linux server.

<p class="callout info">NOTE: We currently have two tutorials for this, that need to be consolidated into one. So, maybe this alternate tutorial fills your use-case: <span data-annotation-inline-node="true" data-annotation-mark="true" data-card-url="https://oga.atlassian.net/wiki/spaces/~311198967/pages/47415311" data-inline-card="true" data-renderer-start-pos="233"><span class="loader-wrapper"><span data-testid="hover-card-trigger-wrapper">[<span class="_19itglyw _vchhusvi _r06hglyw _o5721jtm _1nmz9jpi _16d9qvcn _ca0qv77o _u5f31b66 _n3tdv77o _19bv1b66" data-testid="inline-card-icon-and-title"><span class="_19itglyw _vchhusvi _r06hglyw">Ubuntu SSH Key Access</span></span>](https://oga.atlassian.net/wiki/spaces/~311198967/pages/47415311)</span></span></span></p>

<p class="callout info">NOTE: If you are creating ssh keys for recent Ubuntu distributions, do not use RSA, as it is no longer an accepted key type (as of Ubuntu 21, I think). Use ecdsa instead.</p>

## SSH Server Setup

Follow this link to setup the SSH server on Ubuntu: [Ubuntu: Setup SSH Server](https://wiki.galaxydump.com/link/118 "https://wiki.galaxydump.com/link/118")

### Update SSH Config

The SSH service needs to be configured to disallow passwords, and to require SSH key authentication.  
The following is list of actions to perform in the service configuration.

#### SSH Key File Name

<p class="callout info">NOTE: Not all ssh configuration files include the naming of the authorizedkeys file for users.  
And, different flavors of Ubuntu and linux use different naming conventions for the SSH key file of a user.</p>


So, we have to determine the file name for ssh key files, and make sure it is set in the config file, and we use the same name.

To find the ssh key file name, open the ssh config with the following:

```bash
sudo nano /etc/ssh/sshd_config
```

Locate the line in the config file with, AuthorizedKeysFile. Uncomment the line if necessary.

[![image.png](https://wiki.galaxydump.com/uploads/images/gallery/2025-09/scaled-1680-/JOEgve5BxdipkcU0-image.png)](https://wiki.galaxydump.com/uploads/images/gallery/2025-09/JOEgve5BxdipkcU0-image.png)

Make a note of the filename used. This will be needed when installing SSH keys.

#### Prevent Remote Root Login

This is also done in the ssh config file.

Locate the line with PermitRootLogin, and set it to no, like this:

[![image.png](https://wiki.galaxydump.com/uploads/images/gallery/2025-09/scaled-1680-/0CIw38glMCsc4g33-image.png)](https://wiki.galaxydump.com/uploads/images/gallery/2025-09/0CIw38glMCsc4g33-image.png)

#### Disable Password Authentication

This requires three changes in the ssh config file.

Locate the line with ChallengeResponseAuthentication, and set it to no, like this:

[![image.png](https://wiki.galaxydump.com/uploads/images/gallery/2025-09/scaled-1680-/yP7yJFVxFbQc5kAl-image.png)](https://wiki.galaxydump.com/uploads/images/gallery/2025-09/yP7yJFVxFbQc5kAl-image.png)

Locate the UsePAM line and set it to no, like this:

[![image.png](https://wiki.galaxydump.com/uploads/images/gallery/2025-09/scaled-1680-/TBpK1oZHxoPzH0Bw-image.png)](https://wiki.galaxydump.com/uploads/images/gallery/2025-09/TBpK1oZHxoPzH0Bw-image.png)

Locate the PasswordAuthentication line and set it to no, like this:

[![image.png](https://wiki.galaxydump.com/uploads/images/gallery/2025-09/scaled-1680-/UxAAFdidAnYQvaaT-image.png)](https://wiki.galaxydump.com/uploads/images/gallery/2025-09/UxAAFdidAnYQvaaT-image.png)

Disable interactive keyboard authentication by setting this:

```
KbdInteractiveAuthentication no
```

Save changes to the config file.

#### Restart SSH

With the changes made above, we need to restart the SSH service, with this:

```bash
sudo systemctl restart ssh
```