SSH protocol is a widely used protocol for secure administrator and communication with the servers. On Debian machines, system administrators utilize SSH to communicate with the servers. Learning how to set up SSH Keys on Debian is essential for remote communication.
In this article, we will cover how to set up SSH Keys for Debian 11 machines. We will also cover how to connect using those SSH keys. So, let’s get started.
Prerequisites
We will need a client and server machine with sudo privileges for this tutorial. You can also be a root user to access the machines.
1. Update the Machine
The first step is to update all the installed packages using the apt update command. This ensures that all the required packages are up-to-date for the current installation.
sudo apt update
2. Install SSH Server
The next step is to install the SSH server. Before setting up the SSH key, we will set up the SSH server and start the server. To install SSH, execute the following command:
sudo apt install openssh-server

Next, start the SSH service once the installation is complete.
sudo systemctl start ssh
Furthermore, we will also enable the service to run automatically on boot.
sudo systemctl enable ssh
3. Create the RSA Key Pair
The next step is to generate an RSA key pair on your machine. To generate the key-pair, type the ssh-keygen
command. For example:
ssh-keygen
You will get a similar output:

If there exists a pair of RSA key-pair, then you will get a confirmation message asking to overwrite the existing key pair.
Next, you will be asked to add a secure passphrase. It is recommended to add a secure passphrase for an additional layer of security.
This command saves the identification in /your_home/.ssh/id_rsa
. While the public key is saved in /your_home/.ssh/id_rsa.pub
.
Thus, we have now successfully generated the RSA key-pair to authenticate the machine. Next, head over to the server machine to use your SSH login.
4. Copy the Key-Pair on the Server Machine
There are several ways to perform this step. The quickest way is to use a utility called ssh-copy-id
. The method is simple and highly recommended. However, if it is not available, you can either copy manually or copy via password-based SSH.
Copy Public Key Using ssh-copy-id Tool
The ssh-copy-id tool
exists by default in the operating system and copies the public key pair on the server. However, this method requires password-based SSH access to your server.
For this step, type and execute:
ssh-copy-id user@remote_host
Make sure to replace the user with the server’s name and remote_host with the server IP address. Next, the utility will scan the local account for the id_rsa.pub
key that we have just created. After that, it will prompt the password once the file is found. Type in the password and press the Enter key.
Copy Public Key Using SSH to Set Up SSH Keys on Debian
If ssh-copy-id
is not available, but you have password-based SSH, you can also utilize this method and upload your keys. For this step, we will use the cat command with the SSH command.
For example:
cat ~/.ssh/id_rsa.pub | ssh user@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"
Copy Public Key Manually to Set Up SSH Keys on Debian
If both options are not available, or they are not working, then you can perform this step manually. To manually copy the public key pair, append the content of your id_rsa.pub
file to the ~/.ssh/authorized_keys
file on your remote machine.
Firstly, print the file’s contents “~ / .ssh / id_rsa.pub
” using the cat command.
cat ~/.ssh/id_rsa.pub
Secondly, navigate to the folder where you generated the keys. The default path is home/your_username/.ssh/
.
For example:
cd /home/your_username/.ssh/
Make sure to replace the username with your client machine name.
Thirdly, execute the command given below:
cat id_rsa.pub
To display the content of your id_rsa.pub key, type this into your local computer:
After that, check if the SSH folder exists or not:
mkdir -p ~/.ssh
Next, connect to the server machine using the ssh command. For example:
ssh user@remote_host
Make sure to replace the “user” with the server name and “remote host” with the server IP address.
Lastly, copy all the output using the echo command. For example:
echo public_key >> ~/.ssh/authorized_keys

Then, check the permissions of the directory:
chmod -R go= ~/.ssh
Lastly, specify the authorized username instead of the “user” parameter when executing the following command:
chown -R user:user ~/.ssh
Finally, you can access the machine using the SSH keys.
5. Authenticate Debian Server Using SSH Keys
If the above procedures are successful, you will be able to authenticate Debian Server using the SSH keys. The command is
ssh username@remote_host
Make sure to replace the “user” parameter and “remote_host” parameter like you did in the previous step.
It will also ask for a passphrase if you used one in the above steps. Otherwise, you will be logged in immediately.
6. Disable password-based login to Set Up SSH Keys on Debian 11
Now that we have set up the SSH Key on Debian 11, we do not require the password as it exposes the server to brute force attacks and makes it vulnerable. Therefore, we will disable it permanently.
Open the server as a root user and open the sshd_config file using the vim editor.
For example:
sudo vi /etc/ssh/sshd_config

After opening the file, search for the PasswordAuthentication field and set its value to “no”. Then delete the symbol #
to uncomment and exit the Vim editor.
Lastly, restart the server to apply all the changes.
For example:
sudo systemctl restart sshd
Finally, you have completed the process of how to set up SSH keys on the CentOS 8 Server. The SSH service protocol is the main access point to our servers. In this article, you have set up SSH Keys for your Debian 11 Servers with an encrypted authentication mechanism. You have also learned how to disable password authentication to avoid exposing the server.
We hope this article has helped you. For more information on SSH, check out its official documentation.
If this guide helped you, please share it.