πŸ” Secure SSH Connections in 2025

Viktor Niderman

In the past, SSH connections were commonly secured using RSA keys. But as of 2025, that algorithm is considered outdated. The modern alternative is ed25519 β€” a compact, fast, and secure cryptographic algorithm that’s now widely adopted.

πŸ›  Generating an ed25519 Key

Open your terminal and run:

ssh-keygen -t ed25519 -C "your_email@example.com"

Parameter breakdown:

  • -t ed25519 β€” sets the key type
  • -C β€” adds a comment, typically your email (used for identification)

πŸ”Ž Why include your email?

The email is stored in the public key as a comment. It helps you identify which key is which β€” especially useful if you manage multiple keys (e.g., personal, work, automation).

πŸ“‹ What You’ll See:

Enter file in which to save the key (/home/you/.ssh/id_ed25519): [press Enter]
Enter passphrase (empty for no passphrase): [enter a password if you want]
Enter same passphrase again: [confirm it]

πŸ” Is a passphrase required?

Not strictly, but it’s highly recommended. If someone steals your private key, they still won’t be able to use it without the passphrase β€” an extra layer of protection.

πŸ“ Where the Keys Are Saved

  • πŸ—οΈ Private key: ~/.ssh/id_ed25519
  • πŸ”“ Public key: ~/.ssh/id_ed25519.pub

Important:

  • The private key stays on your machine and must never be shared
  • The public key is like a lock β€” you can place it anywhere (GitHub, servers, etc.)

🧩 Setting Up SSH Access on the Server

First, copy your public key to the clipboard:

cat ~/.ssh/id_ed25519.pub

Then connect to your server using a password (as usual), and run:

mkdir -p ~/.ssh
nano ~/.ssh/authorized_keys

Paste your public key into the file on a new line.

πŸ”’ Set the Correct Permissions

chmod 600 ~/.ssh/authorized_keys
chmod 700 ~/.ssh

πŸ” Test Key-Based Login

Now try logging in without a password:

ssh user@ip

If it works β€” you’re good to go! πŸ‘

If it doesn’t, stop here β€” do not proceed until you’re sure key-based login is working, or you risk losing access to your server.


πŸ” (Optional but Recommended) Disable Password Login

Open the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find and update the following lines:

PasswordAuthentication no
PermitRootLogin no

Then restart SSH:

sudo systemctl restart ssh

βœ… Done!

Β 

You’re now using a modern, secure SSH setup based on ed25519. Your server no longer allows password-based logins, making it more resistant to brute-force attacks πŸ’ͺ