How to Set Up SSH Key Authentication in Debian 12 Bookworm

This article explains how to set up SSH key authentication in Debian 12 Bookworm.

Secure Shell (SSH) is a widely used protocol for remote access to Linux servers. While password-based authentication is common, SSH key authentication provides enhanced security by using cryptographic keys instead of passwords. This guide walks you through setting up SSH key authentication in Debian 12 Bookworm, ensuring secure and seamless access to your server.

Prerequisites

Before proceeding, ensure that:

  • You have a Debian 12 Bookworm system.
  • You have administrative (root) or sudo privileges.
  • OpenSSH server is installed on the target machine.
  • A local client machine (Linux/macOS or Windows with OpenSSH/PuTTY) is available for generating and using SSH keys.

Step 1: Checking for OpenSSH Installation

To verify that OpenSSH is installed on the Debian 12 server, run:

sudo systemctl status ssh

If SSH is not installed, install it with:

sudo apt update && sudo apt install -y openssh-server

Start and enable the SSH service:

sudo systemctl enable --now ssh

Step 2: Generating an SSH Key Pair

On your client machine, generate an SSH key pair using:

ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

  • -t rsa specifies the RSA algorithm.
  • -b 4096 sets a 4096-bit key length for enhanced security.
  • -C "your_email@example.com" adds an optional comment.

You will be prompted to specify a location to save the key. The default location is:

/home/your_user/.ssh/id_rsa

Optionally, set a passphrase for added security. The passphrase encrypts the private key on disk, so a copied key file cannot be used without it.

Step 3: Copying the Public Key to the Debian 12 Server

Use the following command to copy the public key to your server:

ssh-copy-id username@your_server_ip

If ssh-copy-id is unavailable, manually copy the key:

cat ~/.ssh/id_rsa.pub | ssh username@your_server_ip "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

Step 4: Verifying SSH Key Authentication

Attempt to log in using:

ssh username@your_server_ip

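If key authentication is successful, you will be logged in without being asked for the account password. If you set a passphrase in Step 2, you are prompted for the key passphrase instead.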

Step 5: Disabling Password Authentication

After confirming that key login works, disable password authentication to further enhance security. Edit the SSH configuration file:

sudo nano /etc/ssh/sshd_config

Find these directives, uncomment them if necessary, and set them as follows:

PasswordAuthentication no
PubkeyAuthentication yes

Restart SSH for the changes to take effect:

sudo systemctl restart ssh
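
Debian 12's stock /etc/ssh/sshd_config begins with an Include of /etc/ssh/sshd_config.d/*.conf, and sshd keeps the first value it reads for each keyword, so a drop-in file can leave password logins enabled even after the edit above. The following added example (not part of the original guide) checks the effective settings printed by sshd -T; the sample outputs are constructed, and the keyboard-interactive check is an assumption beyond the two directives the guide sets.

```shell
#!/bin/sh
# Added example (not from the original guide): audit sshd's effective settings.
# On the server:  sudo sshd -t && sudo sshd -T | audit_sshd_config
# To find an overriding file:
#   grep -ri passwordauthentication /etc/ssh/sshd_config /etc/ssh/sshd_config.d/

# Reads `sshd -T`-style "keyword value" lines on stdin, prints one FAIL line
# per problem, and returns 0 only if every expected value is in effect.
audit_sshd_config() {
    awk '
        BEGIN {
            bad = 0
            want["passwordauthentication"] = "no"    # set in this guide
            want["pubkeyauthentication"] = "yes"     # set in this guide
            # Assumption beyond the guide: PAM can still ask for a password
            # through keyboard-interactive authentication, so check it too.
            want["kbdinteractiveauthentication"] = "no"
        }
        { key = tolower($1) }
        key in want {
            seen[key] = 1
            if (tolower($2) != want[key]) {
                printf "FAIL %s is %s, expected %s\n", key, $2, want[key]
                bad = 1
            }
        }
        END {
            for (k in want)
                if (!(k in seen)) { printf "FAIL %s not reported\n", k; bad = 1 }
            exit bad
        }
    '
}

# Constructed sample: a drop-in still enables password logins.
SAMPLE_OVERRIDDEN='port 22
passwordauthentication yes
pubkeyauthentication yes
kbdinteractiveauthentication no'

# Constructed sample: the state this guide aims for.
SAMPLE_HARDENED='port 22
passwordauthentication no
pubkeyauthentication yes
kbdinteractiveauthentication no'

printf '%s\n' "$SAMPLE_OVERRIDDEN" | audit_sshd_config || echo "overridden sample: password login still possible"
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd_config && echo "hardened sample: OK"
```

Keep your current SSH session open until a new key-based login succeeds, so that a configuration mistake cannot lock you out.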

Step 6: Testing and Troubleshooting

Test SSH access to ensure key authentication is working. If login fails:

  • Ensure that ~/.ssh/authorized_keys on the server contains your public key.

  • Check SSH server logs:

    sudo journalctl -xeu ssh

  • Verify SSH permissions (~/.ssh should be 700 and authorized_keys 600, as set in Step 3):

    ls -ld ~/.ssh && ls -l ~/.ssh/authorized_keys

Conclusion

Setting up SSH key authentication in Debian 12 Bookworm enhances security and convenience by eliminating password-based logins. By following the steps in this guide, you ensure that your server is both secure and accessible with minimal risk. Implementing best practices such as disabling password authentication further strengthens security against unauthorized access.