12/28/2024
Securing SSH on a Debian server
This tutorial assumes that you have finished installing the Debian server and that you're running a linux distro on your client computer. Assuming you don't have ssh installed, log into a local TTY on the server. Enter the following to install and run the OpenSSH server.
sudo apt install ssh
sudo systemctl enable ssh
sudo systemctl start ssh
mkdir ~/.ssh
With ssh now running on the server, open a terminal window on your client computer. Make sure you have OpenSSH installed on your client. If you don't already have a ".ssh" folder in your home directory, create one now:
mkdir ~/.ssh
With ssh installed on both systems, it's now time to generate the keys. Make sure, when prompted, that you enter a secure password for your key file.
ssh-keygen -t ed25519
Send the public key to a new file on the server called "authorized_keys". WARNING: This command will overwrite any pre-existing "authorized_keys" file. If you've previously set up ssh, it would be better to edit the existing file instead.
scp ~/.ssh/id_ed25519.pub [username]@[serveraddress]:~/.ssh/authorized_keys
Start an SSH session with the server. When prompted, enter the password you set for the ssh key.
ssh [username]@[serveraddress]
For some finishing touches, disable root login and password authentication on the server.
sudo echo "PermitRootLogin no" >> /etc/ssh/sshd_config
sudo echo "PasswordAuthentication no" >> /etc/ssh/sshd_config
sudo systemctl restart ssh