How to Set Up SSH Keys on Ubuntu 22.04

Comments 0

How to Set Up SSH Keys on Ubuntu 22.04

In this tutorial I’ll show you how to set up SSH key authentication on Ubuntu 22.04 to secure access to your server. We will use the PuTTY SSH client to manage the keys and connect to your server. PuTTY is a free, open-source application for connecting to hosts using SSH or Telnet, and has many features and options.



Create Key Pair

Most Linux distros (including Ubuntu) can generate a key-pair for you using the ssh-keygen command, so let’s go ahead and create them:


By default, ssh-keygen will create a 3072-bit RSA key-pair, which is fine in terms of security, but if you want to go a step further, use the -b 4096 flag to create a 4096-bit key as follows:

ssh-keygen -b 4096

You will then be asked a series of questions. I suggest you answer as follows:

  1. Enter file in which to save the key – Leave this at default /home/username/.ssh/id_rsa and press ENTER
  2. Enter passphrase (empty for no passphrase): Enter a strong password for extra security (optional but highly recommended)
  3. Enter same passphrase again: Enter password again to confirm

You should now receive an on-screen confirmation that your key-pair has been created and saved in your users home directory.

Confirmation os SSH key-pair has been generated

Authorized Keys

Before we can begin using our RSA keys for authentication, we need to copy the public key to authorized_keys. Let’s change directories to your users home directory (replace username with your username):

cd /home/username/.ssh

Use the dir command to see the contents of the current hidden folder. You should see three files: authorized_keys where public keys are stored and authorized for use, the private key file id_rsa, and the public key

Use the dir command to see contents of the hidden .ssh folder

Let’s copy the public key to authorized_keys:

cp ./authorized_keys

Copy Private Key

Let’s copy/download the private key so we can convert to a PuTTY .ppk file. Use the following command to display your private key on the screen, then highlight (PuTTY automatically copies to clipboard when you highlight text):

cat ~/.ssh/id_rsa
Copy the private SSH key

Create a new .txt file on your PC and name it id_rsa.txt, save it in a secure place, then paste the RSA key into it.

Click the search icon on your taskbar and search for “puttygen”, then click the PuTTYgen app icon:

Open PuTTYgen

Click Conversions -> Import Key from the top menu and choose your id_rsa.txt file. PuTTYgen will ask you to enter the passphrase you used when you created the key-pair, so go ahead and enter it.

Import your id_rsa key into PuTTYgen

Click Save private key, name your file id_rsa.ppk and choose a secure location to save it.

Save your RSA key as a .ppk file

Connect Using SSH Key Pair

Now it’s time to test your new key-pair and make sure you can login to your server. Open PuTTY and enter the IP address/hostname of your server into the Host name or IP address field. On the left-side menu, select Connection -> SSH -> Auth, then click the Browse button under the Private keys for authentication heading, and select your id_rsa.ppk file:

Import your PPK file into PuTTY

If you want to save this session so that you don’t have to repeat this process, click the Session heading, then enter a name inside the Saved Sessions field, then click Save:

Save the PuTTY sessions

Finally, click the Open button bottom-right to begin the SSH session. Ubuntu will ask you your username first, then the passphrase you used when you created the key-pair:

Ubuntu login prompt screen

You should see the Ubuntu Welcome message along with some server statistics:

Ubuntu welcome screen

Once you have successfully logged in (and saved your private key), you need to delete the private key from your server as it’s a security risk (replace username with your username):

sudo rm -rf /home/username/.ssh/id_rsa

Disable Password Authentication

Now that you have key-based authentication working, you should disable password authentication for SSH to stop brute-force attacks, but note: You must repeat this entire guide for root user, otherwise you will not be able to login as root! Once you have key-based authentication working for root user and your sudo user, you can safely disable password authentication for SSH.

Open the sshd_config file:

sudo nano /etc/ssh/sshd_config

Change PasswordAuthentication yes to PasswordAuthentication no.

Disable password authentication for SSH

Then save ctrl + o, ENTER and exit nano ctrl + x.

You can safely logout and log back in using your SSH keys profile in PuTTY.


Sometimes permissions on the .ssh directory need to be changed in order for key authentication to work. Go ahead and change ownership of your users home directory (replace username with your users name):

sudo chown -R username:username /home/username/.ssh


Your Ubuntu 22.04 server is more secure now that you have SSH key authentication set up. If you ran into any issues, look at the troubleshooting section above, make a comment, or contact me on socials/email.

Newsletter Signup

Privacy Policy

See Also

Further Reading

Categories Ubuntu, Firewalls & Security


There are currently no comments on this article.


Enter your comment below. Fields marked * are required. You must preview your comment before submitting it.

PLEASE NOTE: You must preview a comment before submitting

Comments use Textile formatting