How to Configure SSH Keys on Debian 11 Linux

Choose a different version or distribution

Introduction

Before we start talking on how to configure SSH keys on Debian 11, let's briefly understand - What is an SSH Key?

SSH (Secure Shell) is a secure network protocol that allows for secure remote access and control of systems over an unsecured network. Configuring SSH keys on Debian 11 Linux can enhance security by eliminating the need for passwords and providing a seamless and secure method of authentication.

You might spend a lot of time in a terminal session connecting to a remote server via SSH when working on your Debian 11 system. Additionally, server commands, port forwarding, X11 tunneling, and remote server management are all carried out via this encrypted connection.

In this tutorial, you will configure SSH Keys on Debian 11 Linux. We will also address a few FAQs on how to configure SSH Keys on Debian 11 Linux.

How to generate SSH Keys on Debian 11

If your Debian 11 machine is already linked to a remote server using SSH, it may already have SSH keys. You can use the following command in your terminal to check whether any keys are currently present:

ls -l ~/.ssh/id_*.pub

You can see from the output that our system already has an SSH key pair in "/ssh/id_rsa.pub":

Execute the following command to create a key pair if, however, your terminal shows that "there is no such file or directory":

ssh-keygen

You will first be prompted to choose where you want to save the key pair. You may either type in the location of the file or hit "Enter" to accept the default location. Press "Enter" after entering your passcode to further secure your SSH connection.

The key pair will be created in the location of the chosen file as a result of all these activities, and the terminal will print the key fingerprint.

How to Configure SSH Keys on Debian 11

We will now attempt to copy our system's public key to the remote server after creating the key pair. This step will assist our Debian 11 system in properly pairing the SSH keys. The syntax for the "ssh-copy-id" command is as follows:

ssh-copy-id user@hostname

You must include the username and hostname of your remote server with this command. Instead of specifying the hostname of your remote server, you can also specify its IP address.

We will run the following command to copy our public key to the other remote server with the "vegastack" user and "192.168.43.212" IP address:

ssh-copy-id vegastack@192.168.43.212

On the remote server, you will be required to enter the password for the designated user account.

If you wish to manually copy your SSH public key to the remote server, first run the following command in your terminal and make a note of the key:

cat ~/.ssh/id_rsa.pub

You must set up an SSH directory on the remote server:

sudo mkdir -p ~/.ssh

Now, modify the command below by replacing "ssh_public_key" with your public key:

sudo echo ssh_public_key >> ~/.ssh/authorized_keys

Using the chmod command, modify the file permissions for the SSH directory:

sudo chmod -R go= ~/.ssh

Here, the read, write, and executable permissions for the group and other users have been deleted while the owner permission has been preserved:

How to establish an SSH connection on Debian 11

You can use the following command to establish a connection to a remote server at IP address "192.168.43.212":

ssh vegastack@192.168.43.212

How to disable SSH password authentication on Debian 11

Additionally, SSH gives you the option to turn off the password authentication system. First, open up the SSH configuration file if you wish to use this option:

sudo nano /etc/ssh/sshd_config

Set the following particular directives with their values in your SSH configuration file:

PasswordAuthentication no 

Press "CTRL+O" to save the modifications you've made to the "sshd_config" file after adding the above lines:

The SSH service will be restarted on our Debian 11 system as the final step:

sudo systemctl restart ssh

Now, password authentication won't be necessary to establish an SSH connection between Debian 11 and the remote system:

ssh vegastack@192.168.43.212

FAQs on Configuring SSH Keys on Debian 11 Linux

What is the advantage of using SSH keys for authentication?

Using SSH keys for authentication offers several advantages over passwords. SSH keys provide stronger security, eliminate the need for remembering complex passwords, and enable automated and secure authentication.

How do I add my SSH public key to the remote server?

To add your SSH public key to the remote server, you can copy the content of the public key file and append it to the ~/.ssh/authorized_keys file on the server.

Do I need to generate SSH keys on the client or the server?

SSH keys are generated on the client machine, and the public key is then copied to the server for authentication.

How can I generate SSH keys on Debian 11?

To generate SSH keys on Debian 11, you can use the ssh-keygen command in the terminal. The default key type is RSA, but other algorithms like Ed25519 can also be used.

Where are SSH keys stored on Debian 11?

SSH keys are typically stored in the ~/.ssh directory on the client machine. The private key is saved as id_rsa, while the public key has the same name with the .pub extension.

What are the permissions for SSH keys and directories on Debian 11?

To ensure the security of SSH keys, the ~/.ssh directory and the authorized_keys file should have permissions set to 700 (drwx------) and 600 (-rw-------) respectively.

Can I use the same SSH key pair for multiple servers or clients?

Yes, you can use the same SSH key pair for multiple servers or clients. Copy the public key to all the servers or clients you wish to connect to using that key pair.

Conclusion

SSH is a network protocol that enables secure communication between two machines across an unsecured network. It is frequently employed for controlling and accessing distant servers. A public key and a private key make up an SSH key pair. You learned how to configure SSH keys on a Debian 11 system in this tutorial. Additionally, the procedure for turning off password authentication for the SSH connection is also demonstrated.

If you have any queries, please leave a comment below, and we’ll be happy to respond to them.