How to Generate & Set Up SSH Keys on Debian 10?


Introduction

In today's world, where most of the communication and data transfer happens over networks and the internet, security has become a crucial issue. An unsecured network can allow malicious users to intercept, modify, or steal sensitive data. To ensure secure communication over a network, encryption plays an essential role.

Secure Shell (SSH) is an encrypted protocol that allows you to access a remote system securely. It provides secure communication between two untrusted hosts over an insecure network.

SSH keys are the authentication credentials used by SSH for secure communication between systems. They provide a more secure way of logging into a server than using a password alone.

Generating SSH Keys on Debian 10

SSH keys are an effective way to secure your communication over the internet. By using SSH keys, you can ensure that only authorized parties have access to your server. Generating keys on Debian 10 is a straightforward process that involves using the ssh-keygen command-line tool.

Step-by-step guide to generating SSH keys using the ssh-keygen command

To generate an SSH key on Debian 10, you need to follow a few simple steps −

  • Open your terminal and type in the following command −

ssh-keygen

  • You will be asked for a filename and location for your new key file.

    The default location is usually ~/.ssh/id_rsa, which is fine for most cases. If you want to change the location or filename, you can do so now.

  • Next, you will be prompted for a passphrase. A passphrase adds an extra layer of security by encrypting your private key with a password.

    It is highly recommended that you choose a strong passphrase that includes upper and lowercase letters, numbers and symbols.

  • Once you have entered your passphrase twice, ssh-keygen will generate two files: a private key (id_rsa) and a public key (id_rsa.pub).

Setting Up SSH Keys on Debian 10 Server

There are two ways of copying the public key over to the server: using the ssh-copy-id command or manually copying it over SFTP/SCP.

Copying Public Key using ssh-copy-id command

The simplest method of copying your public key to the server is by using the ssh-copy-id command. This command appends the contents of your public key file (usually named id_rsa.pub) to the ~/.ssh/authorized_keys file in your home directory on the remote machine.

To use this method, run the following command in a terminal window −

ssh-copy-id username@remote_host 

Replace `username` with your username on the remote machine and `remote_host` with its IP address or hostname. You will be prompted for your password on the remote machine, after which your public key will be copied over.

Manually Copying Public Key

If you prefer not to use ssh-copy-id, you can manually copy your public key over SFTP or SCP. First, locate your public key file by running −

cat ~/.ssh/id_rsa.pub 

Copy everything that is printed out (including "ssh-rsa" at the beginning but excluding username@hostname at the end). Next, connect to your remote machine using an SFTP/SCP client like FileZilla or WinSCP.

Navigate to the .ssh directory in your home directory and create a new file called authorized_keys if it does not already exist. Open this file in an editor and paste in what you just copied.

Set proper permissions with −

chmod 600 ~/.ssh/authorized_keys 
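
The manual steps above can be scripted so that the key is validated, the permissions are set on both the directory and the file, and running it twice does not create a duplicate entry. This is an added example, not part of the original article; the function name `install_pubkey` is hypothetical and the key line in the demo is constructed and non-functional.

```shell
# install_pubkey PUBKEY_FILE [HOME_DIR]
# Appends one public key to HOME_DIR/.ssh/authorized_keys with safe permissions.
install_pubkey() {
    pub=$1
    home=${2:-$HOME}
    ssh_dir=$home/.ssh
    auth=$ssh_dir/authorized_keys

    # Never paste a private key into authorized_keys.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2; return 2
    fi
    # Accept only a line of the form "<key type> <base64 blob> [comment]".
    line=$(grep -E '^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$' "$pub" | head -n 1)
    [ -n "$line" ] || { echo "refusing: no public key line in $pub" >&2; return 2; }

    # With StrictModes (the sshd default), group/world-writable paths are rejected.
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir"
    touch "$auth" && chmod 600 "$auth"

    # Compare on type + blob only, so a different comment is not treated as a new key.
    blob=$(printf '%s\n' "$line" | cut -d' ' -f1,2)
    if grep -qF -- "$blob" "$auth"; then
        echo "already present"; return 0
    fi
    printf '%s\n' "$line" >> "$auth"
    echo "installed"
}

# Demo in a throwaway directory with a constructed (non-functional) key line.
demo=$(mktemp -d)
printf '%s\n' 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotRealAAAAAAAAAAAAAAAA user@laptop' > "$demo/id.pub"
install_pubkey "$demo/id.pub" "$demo/home"
install_pubkey "$demo/id.pub" "$demo/home"
```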

Disabling Password Authentication for Added Security

Once your public key is copied over to the server, you should disable password authentication for added security. This ensures that only users with the correct private key can access the server. To disable password authentication, edit the /etc/ssh/sshd_config file on your remote machine by running −

sudo nano /etc/ssh/sshd_config 

Find the line that says `#PasswordAuthentication yes` and change it to `PasswordAuthentication no`.

Save and close the file. Restart the SSH service with −

sudo systemctl restart sshd 

You will now be able to log in to your remote machine using only your SSH key.
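
Two details of sshd_config decide whether the edit above takes effect: a line that still starts with `#` is inactive, and for each keyword the first value sshd reads is the one it uses. The following check is an added example, not part of the original article; the function names are hypothetical and the sample configuration is constructed.

```shell
# effective_password_auth FILE
# Prints the global PasswordAuthentication value sshd would take from FILE.
effective_password_auth() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                    # strip indentation
        /^#/ || /^$/ { next }                     # comments and blank lines are inactive
        { key = tolower($1) }                     # keywords are case-insensitive
        key == "match" { exit }                   # the global section ends at the first Match
        key == "passwordauthentication" { val = tolower($2); exit }   # first value wins
        END { print (val == "" ? "yes" : val) }   # unset means the default, which is yes
    ' "$1"
}

# match_overrides FILE
# Prints every "PasswordAuthentication yes" that a Match block re-enables.
match_overrides() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { in_match = 1; next }
        in_match && tolower($1) == "passwordauthentication" && tolower($2) == "yes" {
            print "line " NR ": " $0
        }
    ' "$1"
}

# Demo on a constructed configuration file.
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
#PasswordAuthentication yes
PasswordAuthentication no
PasswordAuthentication yes
Match User backup
    PasswordAuthentication yes
EOF
echo "global: $(effective_password_auth "$cfg")"
match_overrides "$cfg"
```

On the server, `sudo sshd -t` checks the file for syntax errors before the restart. Keep the current session open until a key-based login from a second terminal has succeeded.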

Using SSH Keys with Git Repositories

How to add your public key to your Git account?

Adding your public key to your Git account is an essential step in using SSH keys with Git repositories. Once you have generated your keys using the ssh-keygen command, you need to copy the contents of the public key file (usually named id_rsa.pub) and paste it into your Git account settings. To do this, log in to your Git account and navigate to the SSH keys section of the settings page.

Configuring Git client on your local machine to use SSH instead of HTTPS

By default, most Git clients use HTTPS when communicating with remote repositories. However, once you have added your public key to your Git account and set up SSH authentication, it's recommended that you configure the Git client on your local machine to use the SSH protocol instead of HTTPS.

To do this, open up a terminal or command prompt and navigate into the repository that you want to switch from HTTPS to SSH. Then run the following command −

git remote set-url origin git@github.com:<username>/<repository>.git

Replace `<username>` with your username and `<repository>` with the name of the repository you want to switch over.

Best Practices for Managing Your SSH Keys

How often you should rotate your keys

One of the best practices for managing SSH keys is to rotate them regularly. This means generating a new key pair and replacing the old one. The frequency of rotation depends on the level of security required and how frequently the key pair is used.

For high-security environments, it is recommended to rotate the keys every 90 days or less. In addition, if there is any suspicion that a key may have been compromised, it should be rotated immediately.

How to revoke access if needed

Revoking access means preventing an unauthorized user from accessing your server with their SSH key pair. If you suspect that someone might have compromised your private key, or someone who was once authorized no longer needs access, you can revoke their access by removing their public key from the authorized_keys file on your server.
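
Removing a key by hand is error-prone because the comment at the end of an authorized_keys line is arbitrary and a line may start with options such as `from="..."`. The sketch below matches on the base64 key blob instead and keeps a backup. It is an added example, not part of the original article; the function name `revoke_pubkey` is hypothetical and the key lines are constructed and non-functional.

```shell
# revoke_pubkey PUBKEY_FILE AUTHORIZED_KEYS_FILE
# Removes every line that carries the key in PUBKEY_FILE, whatever its comment or options.
revoke_pubkey() {
    blob=$(cut -d' ' -f2 "$1" | head -n 1)        # second field of a .pub file is the key blob
    [ -n "$blob" ] || { echo "no key blob in $1" >&2; return 2; }
    auth=$2
    before=$(grep -cF -- "$blob" "$auth" || true)
    [ "$before" -gt 0 ] || { echo "not present"; return 1; }
    cp -p "$auth" "$auth.bak"                     # keep the previous file for review
    tmp=$(mktemp "$auth.XXXXXX") || return 2
    grep -vF -- "$blob" "$auth" > "$tmp" || true  # grep exits 1 when nothing is left
    chmod 600 "$tmp" && mv "$tmp" "$auth"         # replace the file in one step
    echo "removed $before line(s)"
}

# Demo with constructed key lines: the first entry has an option prefix and a stale comment.
d=$(mktemp -d)
alice='AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyAliceNotRealAAAAAAAAAAAAAAAAA'
bob='AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyBobNotRealAAAAAAAAAAAAAAAAAAA'
printf 'ssh-ed25519 %s alice@laptop\n' "$alice" > "$d/alice.pub"
printf 'from="192.0.2.10" ssh-ed25519 %s old-comment\n' "$alice" > "$d/authorized_keys"
printf 'ssh-ed25519 %s bob@desk\n' "$bob" >> "$d/authorized_keys"
revoke_pubkey "$d/alice.pub" "$d/authorized_keys"
cat "$d/authorized_keys"
```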

Tips for keeping your private key secure

The private SSH key must be kept secure at all times. Possession of this file grants complete control over any system where the corresponding public key is installed in authorized_keys for login purposes.

There are several ways to keep your private SSH keys safe −

  • Protect them with a strong passphrase

  • Store them on encrypted storage such as an encrypted external hard drive

  • Use a password manager to manage your SSH keys and ensure their safety

  • Do not share them with anyone or upload them to online storage or Git repositories.

Remember that if your private key is compromised, you will need to revoke access immediately and generate a new key pair. Keeping your private key secure is the first line of defense against unauthorized access to your systems.

Conclusion

Generating and setting up SSH keys on Debian 10 is a critical step in ensuring secure communication between servers and clients. The use of SSH keys offers several advantages over traditional password-based authentication, including greater security, convenience, and ease of use. By following the step-by-step guide outlined in this article, you can generate and set up your SSH keys quickly and easily.

Updated on: 06-Jun-2023
