Debian / Ubuntu
Set up SSH keys and disable password authentication for increased security.
Initial system setup completed.
Logged in as administrative user.
Before getting started, update package repositories. Consider upgrading installed packages as well for the latest patches.
# Debian
sudo apt update
sudo apt upgrade
Secure Shell (SSH) requires an application to function. Verify the required
openssh-server package is installed on your target server, and
openssh-client is installed on any system you want to use to access the server.
sudo apt install openssh-server
sudo apt install openssh-client
Generate SSH Keys
ssh-keygen -t rsa -b 4096 -C "[email protected]"
ssh-keygen -t ed25519 -C "[email protected]"
When prompted, specify a filename and enter a secure password to encrypt the private key with. The key will be generated and two files will be created with your chosen filename (
id_rsa by default).
id_rsa - Private key used for authentication. Store in a secure location and do not share it.
id_rsa.pub - Public key. Placed on the server to verify the private key when opening a connection.
Copy Public Key
Once the SSH key pair has been created, the public key must be added to the
authorized_keys list for the login user on the target server.
OpenSSH has a built-in tool,
ssh-copy-id, for copying SSH keys from your local system to a server. This method requires SSH access to the server.
Run the ssh-copy-id command, replacing the necessary values.
ssh-copy-id -i id_rsa.pub user@serverIP
If successful, the command will output the number of keys added.
Using ctrl + c/v
If you cannot, or won’t, use
ssh-copy-id, copy the public key to the server manually.
Log in to the server and verify the
.ssh directory exists in the chosen user’s home directory.
Copy the contents of the public key file, named
id_rsa.pub by default. Paste the public key in the
authorized_keys file in the
Set the ownership and permissions of the
.ssh directory so that only the system user can access it.
chown -R $USER:$USER ~/.ssh && chmod -R go= ~/.ssh
SSH Key Login
Once the public key has been copied to the server, an SSH connection can be opened using the private key.
When logging in using an SSH key, specify the SSH private key path when executing the SSH command.
ssh -i ~/.ssh/id_rsa user@serverIP
To make your life easy, add the server to your client SSH
Below is an example of an SSH host definition. Add and replace the information to match your server details.
Host example-host
    HostName 220.127.116.11
    Port 22
    User targetUser
    IdentityFile /home/localUser/.ssh/id_rsa
You can now open an SSH connection using the chosen
Host name; no need to specify user, address, or SSH key path.
To gain the full security benefit of using SSH keys, you should disable password authentication on your server. Verify you can access the system via SSH key before disabling passwords.
sudo nano /etc/ssh/sshd_config
Set the value of
no. Verify the lines are uncommented if modified.
PubkeyAuthentication yes
PasswordAuthentication no
Restart the SSH service for changes to take effect.
sudo systemctl restart sshd
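A check for the sshd_config edit above, as an added example that is not part of the original guide: it reads one config file and reports whether password logins are really off, catching a line that was left commented out. The function names and the sample file are hypothetical; Include drop-ins and Match blocks are not evaluated, so confirm the final result on the server with sudo sshd -T.

```shell
#!/bin/sh
# Added example (not from the original page). sshd uses the FIRST value it reads
# for each keyword, matches keywords case-insensitively, and ignores '#' lines.

# effective_setting FILE KEYWORD -> prints the global value, or "unset"
effective_setting() {
    awk -F '[ \t=]+' -v key="$2" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, "") }              # strip indentation (re-splits fields)
        /^#/ { next }                       # commented out: has no effect
        tolower($1) == "match" { exit }     # conditional blocks are out of scope
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# audit_key_only FILE -> returns 0 only if password logins are off and key
# logins are on. OpenSSH defaults both keywords to "yes" when they are unset.
audit_key_only() {
    pw=$(effective_setting "$1" PasswordAuthentication)
    pk=$(effective_setting "$1" PubkeyAuthentication)
    rc=0
    if [ "$pw" != "no" ]; then
        echo "FAIL: PasswordAuthentication is '$pw' (password logins still allowed)"
        rc=1
    fi
    if [ "$pk" = "no" ]; then
        echo "FAIL: PubkeyAuthentication is 'no' (key logins would be rejected)"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key-only login (PasswordAuthentication=$pw, PubkeyAuthentication=$pk)"
    return "$rc"
}

# Constructed sample: the 'no' line is still commented out, so the active
# 'yes' line is the one sshd would apply.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PubkeyAuthentication yes
#PasswordAuthentication no
PasswordAuthentication yes
EOF
audit_key_only "$sample" || echo "sample config is not hardened yet"
rm -f "$sample"
```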