How to Set Up SSH Keys on Debian 11

SSH protocol is a widely used protocol for secure administrator and communication with the servers. On Debian machines, system administrators utilize SSH to communicate with the servers. Learning how to set up SSH Keys on Debian is essential for remote communication.

In this article, we will cover how to set up SSH Keys for Debian 11 machines. We will also cover how to connect using those SSH keys. So, let’s get started.

Prerequisites

We will need a client and server machine with sudo privileges for this tutorial. You can also be a root user to access the machines. 

1. Update the Machine

The first step is to update all the installed packages using the apt update command. This ensures that all the required packages are up-to-date for the current installation. 

sudo apt update

2. Install SSH Server

The next step is to install the SSH server. Before setting up the SSH key, we will set up the SSH server and start the server. To install SSH, execute the following command:

sudo apt install openssh-server
Install SSH Server

Next, start the SSH service once the installation is complete.

sudo systemctl start ssh

Furthermore, we will also enable the service to run automatically on boot.

sudo systemctl enable ssh

3. Create the RSA Key Pair

The next step is to generate an RSA key pair on your machine. To generate the key-pair, type the ssh-keygen command. For example:

ssh-keygen

You will get a similar output:

Keygen output

If there exists a pair of RSA key-pair, then you will get a confirmation message asking to overwrite the existing key pair. 

Next, you will be asked to add a secure passphrase. It is recommended to add a secure passphrase for an additional layer of security. 

This command saves the identification in /your_home/.ssh/id_rsa. While the public key is saved in /your_home/.ssh/id_rsa.pub.

Thus, we have now successfully generated the RSA key-pair to authenticate the machine. Next, head over to the server machine to use your SSH login. 

4. Copy the Key-Pair on the Server Machine

There are several ways to perform this step. The quickest way is to use a utility called ssh-copy-id. The method is simple and highly recommended. However, if it is not available, you can either copy manually or copy via password-based SSH. 

Copy Public Key Using ssh-copy-id Tool

The ssh-copy-id tool exists by default in the operating system and copies the public key pair on the server. However, this method requires password-based SSH access to your server.

For this step, type and execute:

ssh-copy-id user@remote_host

Make sure to replace the user with the server’s name and remote_host with the server IP address. Next, the utility will scan the local account for the id_rsa.pub key that we have just created. After that, it will prompt the password once the file is found. Type in the password and press the Enter key. 

Copy Public Key Using SSH to Set Up SSH Keys on Debian

If ssh-copy-id is not available, but you have password-based SSH, you can also utilize this method and upload your keys. For this step, we will use the cat command with the SSH command.

For example:

cat ~/.ssh/id_rsa.pub | ssh user@remote_host "mkdir -p ~/.ssh && touch ~/.ssh/authorized_keys && chmod -R go= ~/.ssh && cat >> ~/.ssh/authorized_keys"

Copy Public Key Manually to Set Up SSH Keys on Debian

If both options are not available, or they are not working, then you can perform this step manually. To manually copy the public key pair, append the content of your id_rsa.pub file to the ~/.ssh/authorized_keys file on your remote machine.

Firstly, print the file’s contents “~ / .ssh / id_rsa.pub” using the cat command. 

cat ~/.ssh/id_rsa.pub

Secondly, navigate to the folder where you generated the keys. The default path is home/your_username/.ssh/.

For example: 

cd /home/your_username/.ssh/

Make sure to replace the username with your client machine name.

Thirdly, execute the command given below:

cat id_rsa.pub

To display the content of your id_rsa.pub key, type this into your local computer:

After that, check if the SSH folder exists or not:

mkdir -p ~/.ssh

Next, connect to the server machine using the ssh command. For example:

ssh user@remote_host

Make sure to replace the “user” with the server name and “remote host” with the server IP address.

Lastly, copy all the output using the echo command. For example:

echo public_key >> ~/.ssh/authorized_keys
Set Up SSH Keys on Debian

Then, check the permissions of the directory:

chmod -R go= ~/.ssh

Lastly, specify the authorized username instead of the “user” parameter when executing the following command:

chown -R user:user ~/.ssh

Finally, you can access the machine using the SSH keys. 

5. Authenticate Debian Server Using SSH Keys

If the above procedures are successful, you will be able to authenticate Debian Server using the SSH keys. The command is 

ssh username@remote_host

Make sure to replace the “user” parameter and “remote_host” parameter like you did in the previous step.

It will also ask for a passphrase if you used one in the above steps. Otherwise, you will be logged in immediately. 

6. Disable password-based login to Set Up SSH Keys on Debian 11

Now that we have set up the SSH Key on Debian 11, we do not require the password as it exposes the server to brute force attacks and makes it vulnerable. Therefore, we will disable it permanently.

Open the server as a root user and open the sshd_config file using the vim editor.

For example:

sudo vi /etc/ssh/sshd_config
Set Up SSH Keys on Debian

After opening the file, search for the PasswordAuthentication field and set its value to “no”. Then delete the symbol # to uncomment and exit the Vim editor. 

Lastly, restart the server to apply all the changes. 

For example:

sudo systemctl restart sshd

Finally, you have completed the process of how to set up SSH keys on the CentOS 8 Server. The SSH service protocol is the main access point to our servers. In this article, you have set up SSH Keys for your Debian 11 Servers with an encrypted authentication mechanism. You have also learned how to disable password authentication to avoid exposing the server.

We hope this article has helped you. For more information on SSH, check out its official documentation.

If this guide helped you, please share it.

Leave a Reply
Related Posts