Connecting to a Server with SSH: Key-Based Authentication

The standard way to manage a remote server is SSH. SSH (Secure Shell) establishes an encrypted channel between your computer and the server, letting you run commands and transfer files. This guide explains step by step how to connect to a server with SSH, why you should use a key instead of a password, and how to make the connection secure.

Related reading: KEYDAL hosting · KEYDAL services

What Is SSH?

SSH is a protocol for connecting securely to another computer over a network. In server administration, SSH is used for remote terminal access, file transfer (SFTP/SCP) and port forwarding. Because all traffic is encrypted end to end, your password and commands cannot be read on the network.

SSH uses a client-server model: an sshd service runs on the server, and the ssh client on your computer connects to it. The SSH client is built into Linux and macOS; on modern Windows the ssh command ships by default, and PuTTY is an alternative.

How to Connect to a Server with SSH

The most basic connection command consists of a username, the server IP address and (if non-default) the port:

# Basic connection (default port 22)
ssh user@server_ip

# Specify a different port with -p
ssh -p 2222 user@server_ip

On the first connection you are asked to confirm the server's fingerprint; when you type yes it is saved to ~/.ssh/known_hosts. You are then prompted for a password — but as explained below, using a key instead of a password is far more secure.

Key-Based Authentication with an SSH Key

An SSH key is a pair: a private key and a public key. The public key is placed on the server, the private key stays with you. On connection, the match between the two keys is verified mathematically; the password is never sent over the network. This method is closed to brute-force attacks and more convenient.

1. Generate a key pair

# Generate an Ed25519 key on your local machine
ssh-keygen -t ed25519 -C "name@keydal"

The command produces id_ed25519 (private) and id_ed25519.pub (public) in ~/.ssh/. Setting a passphrase on the key protects you even if your private key is stolen.

2. Copy the public key to the server

# Send the public key to the server
ssh-copy-id user@server_ip

This command adds your public key to the server's ~/.ssh/authorized_keys file. After that, ssh user@server_ip connects without a password (or only with the key passphrase).

Making the SSH Connection Secure

Once you connect with a key, hardening the SSH configuration (/etc/ssh/sshd_config) greatly reduces the risk of brute-force and unauthorized access:

• Disable password login: PasswordAuthentication no — only key login remains.
• Disable direct root login: PermitRootLogin no — log in as a normal user, then use sudo.
• Change the port if needed: A non-default port instead of 22 reduces automated scan noise.
• Install Fail2ban: Automatically blocks repeated failed attempts.

Common SSH Errors

• Connection refused: The SSH service is not running or the port is wrong. Check with systemctl status ssh on the server.
• Permission denied (publickey): The public key is missing on the server or authorized_keys permissions are wrong (file 600, directory 700).
• Connection timed out: A firewall is blocking the port, or the IP/port is wrong.
• Host key verification failed: The server may have been reinstalled; remove the old entry from known_hosts.

Frequently Asked Questions

Is an SSH key or a password more secure?

An SSH key is significantly more secure. A password can be brute-forced, while a key is practically unbreakable in length and is never sent over the network.

How do I connect with SSH from Windows?

On Windows 10/11 the ssh command is available in PowerShell or Terminal. If you want a graphical interface, you can use PuTTY; both use the same protocol.

What happens if I lose my private key?

If you lose the private key you cannot connect with it. So back up your key, and keep your server provider's console/recovery access ready so you do not lose access.