Connect to your VPS with SSH keys

Lesson outcome

You will be able to SSH into your VPS without typing a password, and your server will be configured to reject password-based logins.

Why this matters in an agency

Once SSH keys work, your VPS access becomes both faster and more secure. You type ssh root@your-ip and you are in — no password prompt, no delay. And because you disable password login afterward, automated attackers who try to guess your root password will be rejected immediately. This is baseline server security that every production system should have.

Inputs, tools, and prerequisites

Your SSH key pair from the previous lesson. Your VPS IP address. The root password (stored in BWS). Claude Code running on your local machine.

Step-by-step walkthrough

Copy the public key to the VPS

Ask Claude Code to help:

```
Copy my SSH public key to my VPS at [your-ip-address] so I can log in without a password. The user is root.
```

On Mac, Claude Code will propose using ssh-copy-id:

```
ssh-copy-id root@your-ip-address
```

Approve it. The command will ask for your root password one last time. Type it. The command copies your public key to the server and places it in the right file (/root/.ssh/authorized_keys).

On Windows (PowerShell), ssh-copy-id does not exist. Claude Code will use the PowerShell equivalent instead:

```
type $env:USERPROFILE\.ssh\id_ed25519.pub | ssh root@your-ip-address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
```

This reads your public key and pipes it to the server over SSH. It does the same thing as ssh-copy-id — it just uses PowerShell syntax. You will be asked for your root password one last time.

Test key-based login

Now test the connection:

```
ssh root@your-ip-address
```

This time, you should be logged in immediately without a password prompt. If it still asks for a password, something went wrong with the key copy. Ask Claude Code to troubleshoot:

```
I copied my SSH key to my VPS but it still asks for a password. Help me diagnose the issue. The VPS IP is [your-ip].
```

Common causes: incorrect file permissions on the server's .ssh directory, the key was copied to the wrong location, or the SSH server is not configured to accept keys. Claude Code can check each of these.

Set up an SSH config shortcut

Typing ssh [email protected] every time is tedious. You can create a shortcut. Ask Claude Code:

```
Create an SSH config entry so I can connect to my VPS by just typing "ssh vps" instead of the full command. The IP is [your-ip], the user is root, and the key is at ~/.ssh/id_ed25519.
```

Claude Code will edit (or create) the file ~/.ssh/config and add an entry like:

```
Host vps
HostName your-ip-address
User root
IdentityFile ~/.ssh/id_ed25519
```

Now test it:

```
ssh vps
```

You should be logged in immediately. From now on, ssh vps is all you need to type.

Disable password authentication

Now that key-based login works, disable password login for security. This is done on the server, so log in first with ssh vps, then ask Claude Code on your local machine (or use the server directly) to guide you through the change.

The process is: edit the SSH server configuration file on the VPS to set PasswordAuthentication no, then restart the SSH service.

If you are comfortable doing this through Claude Code, log out of the VPS and start Claude Code locally:

```
Walk me through disabling password-based SSH login on my VPS. I can already log in with my SSH key by typing "ssh vps". I want to make sure I do not lock myself out.
```

Claude Code will give you step-by-step instructions. The critical safety check: before restarting the SSH service, open a second terminal and make sure you can still SSH in with your key. Keep that second connection open while you restart the service. If something goes wrong, you still have access through the existing connection to fix it.

After the change, try logging in from a new terminal:

```
ssh vps
```

Should work instantly with your key. Then try simulating a password login:

```
ssh -o PubkeyAuthentication=no root@your-ip-address
```

This should be rejected — "Permission denied (publickey)." That confirms password authentication is disabled. Only your SSH key can get in.

Failure modes and verification checks

The main failure mode — and it is a serious one — is disabling password authentication before confirming key-based access works. Always test key login first, keep a session open, then disable passwords. If you lock yourself out, most VPS providers have a web-based console in their dashboard that bypasses SSH entirely — use that to fix the configuration.

Verification: ssh vps logs you in immediately with no password prompt. ssh -o PubkeyAuthentication=no root@your-ip is rejected.

Implementation checklist

• Copy your public key to the VPS with ssh-copy-id.
• Test key-based login (no password prompt).
• Create an SSH config shortcut (ssh vps).
• Test the shortcut.
• Disable password authentication on the VPS.
• Verify password login is rejected.
• Keep a backup session open during the security change.

Immediate next action

Move to the next module. You now have fast, secure access to your VPS. Next you will install Claude Code on it.

Exercise

Test your SSH setup end-to-end. Close all terminal windows. Open a brand new terminal. Type ssh vps. You should be on your server within two seconds, no password, no extra steps. If that works, your SSH setup is solid. While you are logged in, check the time on the server:

```
date
```

Compare it to your local time. The server is likely in a different timezone. That is fine — it is a computer in a data center somewhere else in the world, and you are operating it from your desk. That is the fundamental shift this module represents.