Home Blog Tutorials Contact

12/28/2024

Securing SSH on a Debian server


This tutorial assumes that you have finished installing the Debian server and that you're running a linux distro on your client computer. Assuming you don't have ssh installed, log into a local TTY on the server. Enter the following to install and run the OpenSSH server.

sudo apt install ssh

sudo systemctl enable ssh

sudo systemctl start ssh

mkdir ~/.ssh

With ssh now running on the server, open a terminal window on your client computer. Make sure you have OpenSSH installed on your client. If you don't already have a ".ssh" folder in your home directory, create one now:

mkdir ~/.ssh

With ssh installed on both systems, it's now time to generate the keys. Make sure, when prompted, that you enter a secure password for your key file.

ssh-keygen -t ed25519

Send the public key to a new file on the server called "authorized_keys". WARNING: This command will overwrite any pre-existing "authorized_keys" file. If you've previously set up ssh, it would be better to edit the existing file instead.

scp ~/.ssh/id_ed25519.pub [username]@[serveraddress]:~/.ssh/authorized_keys

Start an SSH session with the server. When prompted, enter the password you set for the ssh key.

ssh [username]@[serveraddress]

For some finishing touches, disable root login and password authentication on the server.

sudo echo "PermitRootLogin no" >> /etc/ssh/sshd_config

sudo echo "PasswordAuthentication no" >> /etc/ssh/sshd_config

sudo systemctl restart ssh