Key-based login is more secure than a password. A password can be cracked by brute-forcing; a key practically can’t — it’s a pair made of a private and a public part. Keep the private part to yourself and never show it to anyone; the public part goes on the server. When you log in, the two are checked automatically — no need to type a password.
When asked about the path, press Enter — the key will land in the default location.
Give the key a passphrase (a password on the key itself) — when ssh-keygen asks, type a phrase instead of leaving it empty. That way, even if someone steals the private file, they can’t use it without the passphrase. To avoid typing it every time, add the key to ssh-agent: ssh-add ~/.ssh/id_ed25519.
Two files will appear:
File
What it is
~/.ssh/id_ed25519
private key — keep it to yourself, never share it
~/.ssh/id_ed25519.pub
public key — this is what goes on the server
2
Copy the public key to the server
The simplest way is ssh-copy-id:
ssh-copy-id root@IP
Replace IP with the server address from the bot. The command will ask for the root password once and add the key to the server itself.If you don’t have ssh-copy-id, add the key manually. Print your public key:
cat ~/.ssh/id_ed25519.pub
Log in to the server with the password and paste the line into ~/.ssh/authorized_keys:
If you use PuTTY, the key is created with PuTTYgen: choose the EdDSA (Ed25519) type, click Generate, and save the private key with the Save private key button (a .ppk file). Paste the line from the field at the top of the window onto the server into ~/.ssh/authorized_keys. In PuTTY itself, the path to the key is set under Connection → SSH → Auth → Credentials → Private key file.
If you got in without being asked for the server password, the key works. (If you set a passphrase, that’s exactly what you’ll be asked for — it’s the password for the key on your computer, not for the server.)