
How to Use SSH Public Key Authentication

SSH public key authentication is a method of logging into an SSH/SFTP account using a cryptographic key rather than a password.

If you use very strong passwords, your server's system users are already safe from brute force attacks. However, using public key authentication provides many benefits when working with multiple developers. For example, with SSH keys you can:

  • allow multiple developers to log in as the same system user without having to share a single password between them,
  • revoke a single developer's access without revoking your other developers' access, and
  • make it easier for a single developer to log in to multiple accounts without needing to manage multiple passwords.

How Public Key Authentication Works

Keys come in pairs of a public key and a private key. Each key pair is unique, and the two keys work together.

These two keys have a special mathematical relationship: if your server is configured with your public key, you can prove you have the corresponding private key without sharing the private key.

Public key authentication works like this:

  1. Generate a key pair (public and private key).
  2. Put the public key on the server.
  3. When you SSH into the server, your SSH client proves to the server that you have the corresponding private key.

Generate an SSH Key Pair

If you haven't used public key authentication before, you must first generate an SSH key.

Add Your Public Key to a System User

Now that you have an SSH key pair, you're ready to configure a system user to allow authentication using your key.

The easiest way to manage which SSH keys are authorized for logging into each system user is with ServerPilot's built-in SSH key management.

Log In Using Your Private Key

Once you've added your public key to a system user, you can SSH or SFTP into your server using your private key. If you only have one SSH key pair on your laptop or workstation and it is saved in the default location, your SSH client will automatically log you into your server using public key authentication. You will no longer be prompted for the system user's password when you SSH into your server, though you may be prompted for the passphrase you chose for your private key.

If you didn't create your key in the default location, you'll need to specify the location:

ssh -i ~/.ssh/custom_key_name SYSUSER@IP_ADDRESS_OF_SERVER

If you're using a Windows SSH client such as PuTTY, look in the configuration settings to specify the path to your private key.

Optional: Disable Password Authentication

If you will only use public key authentication on your server, you can disable SSH password authentication. When you disable SSH password authentication, it is no longer possible to log into your server using a password. You and any others who SSH or SFTP into the server will need to use public key authentication. Disabling password authentication applies to all system users on the server.
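The per-developer key management described at the top of this page (authorize several developers for one system user, revoke one of them) and the password-authentication switch above can both be handled with a small shell script. The following is an added example, not ServerPilot's own tooling; the authorized_keys path, the sshd_config path and the two key lines are constructed placeholders.

```shell
# Added example (not ServerPilot's tooling): per-developer key management
# for a system user's authorized_keys, plus a check that sshd_config really
# disables password logins. Key lines below are constructed placeholders.

# Authorize one public key line ("type base64 comment"), idempotently.
# Matching on type+material means re-adding the same key is a no-op.
authorize_key() {
    file=$1; key=$2
    mat=$(printf '%s\n' "$key" | awk '{print $1 " " $2}')
    mkdir -p "$(dirname "$file")" && chmod 700 "$(dirname "$file")"
    touch "$file" && chmod 600 "$file"   # sshd ignores group/world-writable files
    if awk -v m="$mat" '($1 " " $2) == m {f=1} END {exit !f}' "$file"; then
        return 0
    fi
    printf '%s\n' "$key" >> "$file"
}

# Revoke a single developer by key comment; the other developers keep access.
revoke_key() {
    file=$1; comment=$2; tmp=$(mktemp)
    awk -v c="$comment" '$3 != c' "$file" > "$tmp" && cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Number of active key lines (blank lines and comments excluded).
key_count() {
    awk 'NF && $1 !~ /^#/ {n++} END {print n+0}' "$1"
}

# True only if sshd will reject passwords. sshd uses the FIRST value it sees
# for a keyword, and Match blocks are conditional, so stop at the first Match.
# Caveat: Include'd drop-in files (e.g. sshd_config.d/*.conf) are not followed.
password_auth_disabled() {
    v=$(awk 'tolower($1)=="match" {exit}
             tolower($1)=="passwordauthentication" && !s {v=tolower($2); s=1}
             END {print v}' "$1")
    [ "$v" = "no" ]   # an absent directive means the default, which is "yes"
}

# Demo on a throwaway directory with two constructed (non-functional) keys.
demo_dir=$(mktemp -d)
AUTH="$demo_dir/.ssh/authorized_keys"
ALICE='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEALICEKEYMATERIALONLY000000000 alice@laptop'
BOB='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEBOBKEYMATERIALONLY00000000000 bob@desktop'
authorize_key "$AUTH" "$ALICE"; authorize_key "$AUTH" "$BOB"; authorize_key "$AUTH" "$ALICE"
echo "keys after adding alice, bob, alice again: $(key_count "$AUTH")"   # 2
revoke_key "$AUTH" alice@laptop
echo "keys after revoking alice: $(key_count "$AUTH")"                   # 1
```

Run the config check against the server's sshd_config after disabling password authentication, and remember that a drop-in file included from sshd_config can still re-enable passwords.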

Last updated: July 17, 2023
