https://linuxize.com/post/how-to-set-up-ssh-keys-on-debian-9
How to Set Up SSH Keys on Debian 9
The two most popular mechanisms are
passwords based authentication and public key based authentication.
Using SSH keys is more secure and convenient than traditional password
authentication.
In this tutorial we will describe how to generate SSH keys on Debian 9 systems. We will also show you how to setup a SSH key-based authentication and connect to your remote Linux servers without entering a password.
If the output of the command above contains something like
If there are existing keys, you can either use those and skip the next step or backup up the old keys and generate new ones.
Start by generating a new 4096 bits SSH key pair with your email address as a comment using the following command:
The output will look similar to the following:
Press
Next, you’ll be prompted to type a secure passphrase. Whether you want to use passphrase its up to you. With passphrase, an extra layer of security is added to your key.
If you don’t want to use passphrase just press
The whole interaction looks like this:
To verify that the SSH key pair was generated, type:
The output should look something like this:
The easiest and the recommended way to copy the public key to the remote server is to use the
On your local machine terminal tun the following command:
You will be prompted to enter the
Once the user is authenticated, the public key
If the
To test it, try to connect to the server via SSH:
If you haven’t set a passphrase, you will be logged in immediately. Otherwise you will be prompted to enter the passphrase.
Before disabling SSH password authentication make sure you can login to your server without a password and the user you are logging in with has sudo privileges.
Log into your remote server:
Open the SSH configuration file
Search for the following directives and modify as it follows:
At this point, the password based authentication is disabled.
We have also shown you how to disable SSH password authentication and add an extra layer of security to your server.
If you have any question or feedback feel free to leave a comment.
In this tutorial we will describe how to generate SSH keys on Debian 9 systems. We will also show you how to setup a SSH key-based authentication and connect to your remote Linux servers without entering a password.
Creating SSH keys on Debian
Before generating a new SSH key pair, first check for existing SSH keys on your Debian client machine. You can do that by running the following command:ls -l ~/.ssh/id_*.pub
No such file or directory
or no matches found
it means that you don’t have SSH keys and you can continue with the next step and generate a new SSH key pair.If there are existing keys, you can either use those and skip the next step or backup up the old keys and generate new ones.
Start by generating a new 4096 bits SSH key pair with your email address as a comment using the following command:
ssh-keygen -t rsa -b 4096 -C "your_email@domain.com"
Enter file in which to save the key (/home/yourusername/.ssh/id_rsa):
Enter
to accept the default file location and file name.Next, you’ll be prompted to type a secure passphrase. Whether you want to use passphrase its up to you. With passphrase, an extra layer of security is added to your key.
Enter passphrase (empty for no passphrase):
Enter
The whole interaction looks like this:
To verify that the SSH key pair was generated, type:
ls ~/.ssh/id_*
/home/yourusername/.ssh/id_rsa /home/yourusername/.ssh/id_rsa.pub
Copy the Public Key to the Server
Now that you have your SSH key pair, the next step is to copy the public key to the server you want to manage.The easiest and the recommended way to copy the public key to the remote server is to use the
ssh-copy-id
tool.On your local machine terminal tun the following command:
ssh-copy-id remoteusername@server_ip_address
remoteusername
password:remoteusername@server_ip_address's password:
~/.ssh/id_rsa.pub
will be appended to the remote user ~/.ssh/authorized_keys
file and connection will be closed.Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'username@server_ip_address'"
and check to make sure that only the key(s) you wanted were added.
ssh-copy-id
utility is not available on your local computer you can use the following command to copy the public key:cat ~/.ssh/id_rsa.pub | ssh remoteusername@server_ip_address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
Login to the Server using SSH Keys
At this point you should be able login to the remote server without being prompted for a password.To test it, try to connect to the server via SSH:
ssh remoteusername@server_ip_address
Disabling SSH Password Authentication
To add an extra layer of security to your server you can disable the password authentication for SSH.Before disabling SSH password authentication make sure you can login to your server without a password and the user you are logging in with has sudo privileges.
Log into your remote server:
ssh sudo_user@server_ip_address
/etc/ssh/sshd_config
:sudo nano /etc/ssh/sshd_config
/etc/ssh/sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
Once you are done save the file and restart the SSH service using the following command:sudo systemctl restart ssh
Conclusion
In this tutorial you have learned how to generate a new SSH key pair and setup a SSH key-based authentication. You can add the same key to multiple remote serves.We have also shown you how to disable SSH password authentication and add an extra layer of security to your server.
If you have any question or feedback feel free to leave a comment.
No comments:
Post a Comment