Choose a different version or distribution
Introduction
Before we start talking on how to configure SSH keys on Debian 12, let's briefly understand- What is an SSH Key?
SSH keys, also known as Secure Shell keys, are a secure method of logging into a server remotely. They involve using a pair of cryptographic keys- a public key and a private key. The public key is stored on the server, while the private key remains with the user.
This authentication process provides enhanced security compared to traditional password-based login, making it difficult for hackers to gain access. With SSH keys, data transmission is encrypted, ensuring confidentiality and integrity during remote sessions. It's a widely used method for secure remote access and system management.
In this tutorial, you will set up SSH Keys on Debian 12. We will also address a few FAQs on how to set up SSH Keys on Debian 12.
How to generate SSH Keys on Debian 12
Your Debian 12 system might already have SSH keys if it is connected via SSH to a remote server. The following command can be used in your terminal to see if any keys are present at the moment:
ls -l ~/.ssh/id_*.pub
You can see from the output that our system already has an SSH key pair in /ssh/id_rsa.pub
:
Execute the following command to create a key pair if, however, your terminal shows that "there is no such file or directory":
ssh-keygen
Initially, you will be asked to select a location for saving the key pair. You can either hit "Enter" to accept the default location, or type in the file's location. After inputting your passcode, hit "Enter" to strengthen the security of your SSH connection.
All of these actions will produce the key pair in the selected file location, and the terminal will print the key fingerprint.
How to Configure SSH Keys on Debian 12
Now that we have the key pair created, we will try to replicate our system's public key to the remote server. This will help our Debian 12 system pair the SSH keys correctly. The ssh-copy-id
command has the following syntax:
ssh-copy-id user@hostname
This command requires the hostname and username of your remote server. You can also specify your remote server's IP address in place of its hostname.
To copy our public key to the other remote server using the vegastack
user and 192.168.43.212
IP address, we will execute the following command:
ssh-copy-id [email protected]
You will need to enter the password for the assigned user account on the remote server.
Run the following command in your terminal and take note of the key if you want to manually copy your SSH public key to the remote server:
cat ~/.ssh/id_rsa.pub
The remote server has to have an SSH directory set up:
sudo mkdir -p ~/.ssh
Now, change the command below by adding your public key in place of ssh_public_key
:
sudo echo ssh_public_key >> ~/.ssh/authorized_keys
Using the chmod
command, modify the file permissions for the SSH directory:
sudo chmod -R go= ~/.ssh
In this case, the owner permission has been retained while the group's and other users' read, write, and executable permissions have been removed.
How to establish an SSH connection on Debian 12
You can use the following command to establish a connection to a remote server at IP address 192.168.43.212
:
ssh [email protected]
How to disable SSH password authentication on Debian 12
You can also disable the password authentication mechanism via SSH. If you want to use this option, first open the SSH configuration file:
sudo nano /etc/ssh/sshd_config
In your SSH configuration file, set the following specific directives and their corresponding values:
PasswordAuthentication no
Once you've added the lines above to the sshd_config
file, press CTRL+O
to save your changes:
The last step will be to restart the SSH service on our Debian 12 system:
sudo systemctl restart ssh
From now on, establishing an SSH connection between Debian 12 and the remote system won't require a password:
ssh [email protected]
FAQs on Setting up SSH Keys on Debian 12
How do I copy my public key to the server?
To copy your public key to the server, use the ssh-copy-id
command. For example, ssh-copy-id username@server_ip
will copy your public key to the specified user's authorized_keys
file on the server.
Can I use an existing SSH key pair on Debian 12?
Yes, you can use an existing SSH key pair on Debian 12. Copy your public key (.pub
file) to the ~/.ssh
directory on the server and ensure the correct file permissions are set.
How do I disable password authentication and only allow SSH key authentication?
To disable password authentication and allow only SSH key authentication, edit the SSH server's configuration file (/etc/ssh/sshd_config
). Set PasswordAuthentication
to no
and restart the SSH service.
How do I troubleshoot SSH key authentication issues?
Ensure that the permissions on the ~/.ssh
directory (700) and the authorized_keys
file (600) are properly set on both the client and server. Also, verify that the correct public key is added to the authorized_keys
file on the server.
Can I use passphrase-protected SSH keys on Debian 12?
Yes, you can use passphrase-protected SSH keys on Debian 12. When generating the keys, specify a passphrase. However, remember that you will need to enter the passphrase each time you use the key.
How do I temporarily disable SSH key authentication?
To temporarily disable SSH key authentication and use password-based authentication, add the -o PreferredAuthentications=password
option when connecting via SSH to the server.
How do I revoke SSH access for a specific key on Debian 12?
To revoke SSH access for a specific key, remove the corresponding public key from the user's authorized_keys
file in the ~/.ssh
directory on the server. After removal, the user won't be able to authenticate with that key anymore.
Conclusion
SSH keys are a pair of cryptographic keys used for secure remote login to servers. They provide a more secure alternative to passwords, enhancing protection against unauthorized access. The keys consist of a public key, stored on the server, and a private key, kept by the user. This authentication method encrypts data transmission, ensuring confidentiality during remote sessions. SSH keys are widely used for secure system management, offering an efficient and secure way to access servers remotely.
If you have any queries, please leave a comment below, and we’ll be happy to respond to them.