How to Set Up SSH Keys on Debian 11 Linux

In Linux-based systems such as Debian 11, SSH, or Secure Shell is a type of encrypted protocol utilized to administer and communicate with servers. When working in your Debian 11 system, you may spend a lot of time in a terminal session connected to a remote server via SSH. This encrypted connection is also used to run server commands, port forwarding, X11 tunneling, and manage the remote server.

Now, let’s discuss the SSH key pair. To verify the client identity to an SSH server, SSH facilities a key pair comprising two cryptographically secure keys: Private key and Public key.

You have to keep the private key confidential. If an attacker gains access to your private key, he will be able to log into the servers set up with the help of a public key without providing additional authentication. In contrast, the public key can be freely shared and will not cause any harm to the system. This public key is used to encrypt messages that must be decoded using the private key. The public key is also used for validating the key pair’s authenticity.

In today’s post, we will show you how to set up SSH keys on Debian 11. So let’s begin!

Note: Before setting up the SSH keys, you should have SSH configured on your remote and Client system.

How to generate SSH Keys on Debian 11

Your Debian 11 system may have SSH keys if it is already connected to any remote server through an SSH connection. You can verify the presence of existing keys by utilizing the below-given command in your terminal:

$ ls -l ~/.ssh/id_*.pub

From the output, you can see that SSH key pair already exist in our system in the “/ssh/id_rsa.pub”:

However, if your terminal shows “there is no such file or directory“, then execute the below-given command for generating a key pair:

$ ssh-keygen

First of all, you will be asked to enter the desired location for saving the key pair, input the file location, or press “Enter” for accepting the default location. Next, enter your passphrase to add an extra security layer to your SSH connection, then press “Enter”.

As a result of all of these performed actions, the key pair will be generated in the specified file location, and the terminal will print the key fingerprint:

How to set up SSH Keys on Debian 11

After generating the key pair, we will now try to copy our system’s public key to the remote server. This step will help our Debian 11 system to pair the SSH keys correctly. Here is the syntax of the “ssh-copy-id” command:

$ ssh-copy-id user@hostname

In this command, you have to add the username and hostname of your remote server. You can also specify the IP address of your remote server instead of writing the hostname.

For copying our public key to the other remote server having “linuxfoss” user and “192.168.43.212” IP address, we will execute this command:

$ ssh-copy-id [email protected]

You will be asked to input the password for the specified user account on the remote server:

If you want to copy your SSH public to the remote server manually, then firstly execute the below-given command in your terminal and note down the key:

$ cat ~/.ssh/id_rsa.pub

On your remote server, you have to create an SSH directory:

$ sudo mkdir -p ~/.ssh

Now, add your public key in place of “ssh_public_key” in the below-given command:

sudo echo ssh_public_key >> ~/.ssh/authorized_keys

Set the file permissions for the SSH directory by using the chmod command:

$ sudo chmod -R go= ~/.ssh

Here, we have preserved the owner permission and removed the read, write, and executable permission for the group and other users:

How to set up SSH connection on Debian 11

You can execute the below-given command for connecting to the remote server with the “192.168.43.212” IP address:

$ ssh [email protected]

How to disable SSH password authentication on Debian 11

SSH also provides you the facility to disable the password authentication mechanism. If you want to avail this option, then firstly, open up the SSH configuration file:

$ sudo nano /etc/ssh/sshd_config

In your SSH configuration file, set these specific directives with their value:

PasswordAuthentication no 
ChallengeResponseAuthentication no
UsePAM no 

After adding the above-given lines, press “CTRL+O” to save the changes you have made in the “sshd_config” file:

In the last step, we will restart the SSH service on our Debian 11 system:

$ sudo systemctl restart ssh

Now, the establishment of the SSH connection between Debian 11 and the remote system will not require password authentication:

$ ssh [email protected]

Conclusion

SSH is a network protocol that permits two machines to communicate securely over an unsecured network. It is commonly used for accessing and managing remote servers. SSH key pair comprises a public and private key. This post demonstrated to you how to set up SSH keys on Debian 11 system. Moreover, the method for disabling the password authentication for the SSH connection is also provided to you.