DAGA

Digital Agency Growth Academy

AI operator training, hosted products, and community

CoursesPricingCommunityJoinSign In
Courses/F1 Claude Code for Agency Owners/SSH into your VPS
TextPreview access

Generate your SSH key

Generate an SSH key pair on your local machine and understand what the public and private keys do.

Time 15 minModule SSH into your VPSCourse progress 0%

Lesson outcome

You will have an SSH key pair on your local machine and understand the role of each key — one stays on your computer, one goes on every server you want to access.

Why this matters in an agency

Password-based SSH login has two problems. First, you have to type the password every time you connect, which gets old fast when you are logging in multiple times a day. Second, passwords can be guessed or brute-forced by automated attackers. SSH keys solve both problems. You authenticate with a cryptographic key that is nearly impossible to guess, and the login happens instantly without typing anything.

Every professional server setup uses SSH keys. Setting them up now means you never have to migrate away from passwords later.

Inputs, tools, and prerequisites

Your local terminal. Claude Code running on your local machine. The VPS from the previous module (you do not need to be logged into it yet).

Step-by-step walkthrough

What SSH keys are

An SSH key pair has two parts:

The private key stays on your computer. It lives in a hidden folder called .ssh in your home directory. You never share it, copy it to a server, or send it to anyone. It is like the key to your house — it stays with you.

The public key goes on every server you want to access. It lives in a file on the server. It is like the lock on your house — you can put copies on as many doors as you want. Anyone can see a lock, but only the matching key opens it.

When you connect to a server, your computer proves it has the private key without ever sending it over the network. The server checks the proof against the public key it has on file. If they match, you are in. No password needed.

Generate the key pair with Claude Code's help

Start Claude Code on your local machine (any directory is fine for this):

```
I need to generate an SSH key pair so I can connect to my VPS without a password. Generate an ed25519 SSH key for me. My email is [your email]. Do not set a passphrase for now — I want passwordless login.
```

Claude Code will propose running an ssh-keygen command. It will look something like:

```
ssh-keygen -t ed25519 -C "[email protected]" -f ~/.ssh/id_ed25519 -N ""
```

Read the command before approving. Here is what each part does:

  • ssh-keygen — the program that generates keys
  • -t ed25519 — the key type (ed25519 is modern and secure)
  • -C "your-email" — a label so you can identify the key later
  • -f ~/.ssh/id_ed25519 — where to save the key
  • -N "" — no passphrase (empty string means no extra password on the key itself)

Approve the command. It runs in less than a second and creates two files:

  • ~/.ssh/id_ed25519 — your private key (never share this)
  • ~/.ssh/id_ed25519.pub — your public key (this goes on servers)

Verify the keys were created

Ask Claude Code:

```
Read my public SSH key and show it to me.
```

Claude Code reads ~/.ssh/id_ed25519.pub and displays it. It looks like a long string starting with ssh-ed25519 followed by a block of characters and ending with your email. This is the public key you will copy to your VPS in the next lesson.

Understand the security model

Your private key file (~/.ssh/id_ed25519) should have restricted permissions — only you should be able to read it. Claude Code's keygen command usually sets this correctly. You can verify by asking:

```
Check the permissions on my SSH private key file and tell me if they are secure.
```

The permissions should be 600 (readable and writable only by you) or 400 (readable only by you). If they are too open (like 644 or 755), SSH will refuse to use the key and show an error. Claude Code can fix this for you if needed.

Failure modes and verification checks

The main failure is overwriting an existing SSH key. If you already have files at ~/.ssh/id_ed25519, the keygen command will ask if you want to overwrite. If you are not sure whether you have existing keys, ask Claude Code to check first. Do not overwrite keys you might be using for other services.

Verification: run ls -la ~/.ssh/ and confirm both id_ed25519 and id_ed25519.pub exist. Ask Claude Code to read the public key and confirm it starts with ssh-ed25519.

Implementation checklist

  • Ask Claude Code to generate an ed25519 SSH key pair.
  • Read the command and understand each part before approving.
  • Verify both key files exist in ~/.ssh/.
  • View the public key contents.
  • Confirm permissions on the private key are restrictive (600 or 400).

Immediate next action

Move to the next lesson to copy your public key to the VPS and switch from password login to key-based login.

Exercise

Ask Claude Code this question:

```
Explain the difference between my SSH private key and public key. Why is it safe to put the public key on a server but dangerous to share the private key?
```

Read the explanation. Then, in your own words, explain the concept to an imaginary coworker in two sentences. If you can do that, you understand SSH keys well enough to use them. You do not need to understand the cryptography. You need to understand which key goes where and why.