How to Generate & Set Up SSH Keys on Debian 10?

In today's world, where most communication and data transfer happens over networks and the internet, security has become a crucial issue. An unsecured network can allow malicious users to intercept, modify, or steal sensitive data. To ensure secure communication over a network, encryption plays an essential role.

Secure Shell (SSH) is an encrypted protocol that allows you to access a remote system securely. It provides secure communication between two untrusted hosts over an insecure network.

SSH keys are authentication credentials used by SSH for secure communication between systems. They provide a more secure way of logging into a server than using a password alone, consisting of a public-private key pair where the private key remains on your local machine and the public key is installed on remote servers.

Generating SSH Keys on Debian 10

SSH keys are an effective way to secure your communication over the internet. By using SSH keys, you can ensure that only authorized parties have access to your server. Generating keys on Debian 10 is a straightforward process that involves using the ssh-keygen command-line tool.

Step-by-Step Guide to Generating SSH Keys

To generate an SSH key on Debian 10, follow these simple steps

• Open your terminal and run the following command

ssh-keygen

• You will be asked for a filename and location for your new key file. The default location is usually ~/.ssh/id_rsa, which is fine for most cases. If you want to change the location or filename, you can do so now.

• Next, you will be prompted for a passphrase. A passphrase adds an extra layer of security by encrypting your private key with a password. It is highly recommended that you choose a strong passphrase that includes upper and lowercase letters, numbers and symbols.

• Once you have entered your passphrase twice, ssh-keygen will generate two files: one private (id_rsa) and one public (id_rsa.pub) key files in the ~/.ssh/ directory.

Setting Up SSH Keys on Debian 10 Server

There are two ways of copying the public key over to the server: using the ssh-copy-id command or manually copying it over SFTP/SCP.

Method 1: Using ssh-copy-id Command

The simplest method of copying your public key to the server is by using the ssh-copy-id command. This command copies the contents of your public key file (usually named id_rsa.pub) to a file named authorized_keys in the ~/.ssh/ directory on the remote machine.

To use this method, run the following command in a terminal window

ssh-copy-id username@remote_host

Replace username with your username on the remote machine and remote_host with its IP address or hostname. You will be prompted for your password on the remote machine, after which your public key will be copied over.

Method 2: Manually Copying Public Key

If you prefer not to use ssh-copy-id, you can manually copy your public key. First, display your public key file by running

cat ~/.ssh/id_rsa.pub

Copy the entire output (including "ssh-rsa" at the beginning). Next, connect to your remote machine and create the SSH directory if it doesn't exist

mkdir -p ~/.ssh

Open or create the authorized_keys file and paste your public key

nano ~/.ssh/authorized_keys

Set proper permissions for security

chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Disabling Password Authentication

Once your public key is copied over to the server, you should disable password authentication for added security. This ensures that only users with the correct private key can access the server.

Edit the SSH daemon configuration file

sudo nano /etc/ssh/sshd_config

Find the line that says #PasswordAuthentication yes and change it to PasswordAuthentication no. Save and close the file.

Restart the SSH service

sudo systemctl restart sshd

You will now be able to log in to your remote machine using only your SSH key.

Using SSH Keys with Git Repositories

Adding Public Key to Git Account

Adding your public key to your Git account is essential for using SSH keys with Git repositories. Once you have generated your keys, copy the contents of your public key file and paste it into your Git account settings under the SSH keys section.

Configuring Git to Use SSH

By default, most Git clients use HTTPS when communicating with remote repositories. To switch to SSH, navigate to your repository and run

git remote set-url origin git@github.com:username/repository.git

Replace username with your Git username and repository with your repository name.

Best Practices for SSH Key Management

Key Rotation

One of the best practices for managing SSH keys is to rotate them regularly. For high-security environments, it is recommended to rotate keys every 90 days or less. If there is any suspicion that a key may have been compromised, it should be rotated immediately.

Revoking Access

To revoke access, remove the corresponding public key from the authorized_keys file on your server. This prevents unauthorized users from accessing your server with their SSH key pair.

Keeping Private Keys Secure

The private SSH key must be kept secure at all times since possession of this file grants complete control over any system where its corresponding public key is installed. Follow these security practices

• Protect them with a strong passphrase

• Store them on encrypted storage such as an external hard drive

• Use a password manager to manage your SSH keys

• Never share them with anyone or upload them to online storage or Git repositories

Remember that if your private key is compromised, you will need to revoke access immediately and generate a new key pair.

Conclusion

Generating and setting up SSH keys on Debian 10 is a critical step in ensuring secure communication between servers and clients. SSH keys offer superior security, convenience, and ease of use compared to traditional password-based authentication. By following this guide, you can implement SSH key authentication to significantly enhance your system's security posture.