Remote Access
By default, Debian allowed non-root accounts access via SSH using a username and password. To increase security, it’s recommended that password-based authentication be disabled, with only key-based authentication being used.
Generate Key Pair
If you do not already have a SSH key pair generated, run the following command.
ssh-keygen -t ecdsa -b 521This process will create two new files within the home directory of your local computer (for both Windows and Linux).
~/.ssh/id_ecdsa # Private Key
~/.ssh/id_ecdsa.pub # Public Keyid_ecdsa is your private key and must be protected at all times. Never pass out this key. id_ecdsa.pub is your public key. This key will be installed onto any device you’d like to access using your SSH key pair.
Install Key Pair
With the key pair generated, lets install it onto the new Debian host.
If coming from a Linux OS, use the ssh-copy-id command.
ssh-copy-id -i ~/.ssh/id_ecdsa.pub username@hostFor folks on Windows, ssh-copy-id does not exist so we’ll have to make due replicating it.
cat ~/.ssh/id_ecdsa.pub | ssh user@host "mkdir ~/.ssh; cat >> ~/.ssh/authorized_keys"If all works well, you should now be able to connect to your new Debian host without having to enter a password.
ssh username@hostDisable Password-based Access
With SSH key pair authentication configured, password-based authentication should be disabled. Logon to the Debian Host and open SSH’s configuration file.
sudo vim /etc/ssh/sshd_configLook for the line PasswordAuthentication and ensure it ends in no.
PasswordAuthentication noRestart the SSH service for the changes to take effect.
sudo systemctl restart sshCongradulations! You’ve successfully configured a Debian host for production use. Now you can move onto the fun part of configuring the service you’d like running on this host!