Intro:
For this SSH server I'm using Debian 12 in a VM on Proxmox. This guide should work if you are using a fresh install of Debian; just make sure you at least give your user sudoers permissions and install sudo.
1. Install OpenSSH Server
- Install the OpenSSH server on the remote machine.
sudo apt install openssh-server
2. Confirm SSH Access
- Verify you can log in to the server:
ssh username@ipaddress
3. Generate RSA Keys
- We're using these keys to protect against brute-force attacks and to set up ssh-agent later in this guide. I'm using RSA because I'm used to it, but if you want strong and faster cryptography you can use Ed25519. Both of these use asymmetric cryptography, so this guide doesn't change much if you do choose to use Ed25519. If you're clueless about asymmetric cryptography, I would go ahead and read this before continuing: https://www.techtarget.com/searchsecurity/definition/asymmetric-cryptography
- NEVER SHARE YOUR PRIVATE KEY WITH ANYONE!
- Run the following command to generate RSA keys:
ssh-keygen -t rsa -b 4096 -f ~/.ssh/[filename] -C "[useful comment]"
Explanation of options:
-t rsa: Specifies the RSA key type.
-b 4096: Sets the key size to 4096 bits.
-f: Defines the name and location of the key file.
-C: Adds a comment to identify the key.
- Default location: ~/.ssh/id_rsa.
4. Transfer the Public Key
- Use the following command to copy the public key to the server:
ssh-copy-id -i ~/.ssh/[filename] username@ipaddress
Explanation:
-i: Specifies which key to use.
- Automatically creates the .ssh directory and appends the public key to the ~/.ssh/authorized_keys file on the server.
Example:
ssh name@ipaddress
- You can use -i to specify where the key is, but it should do this by default.
5. Edit SSH Server Configuration
- This stops logins that use the password instead of the keys we generated.
- Open the SSH configuration file on the server:
sudo vim /etc/ssh/sshd_config
- Add the following lines to disable password authentication:
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no
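Added example, not part of the original guide: a check that the three settings above are the ones sshd will actually use, by parsing the output of `sshd -T` (which prints the effective configuration). The function name `check_sshd_effective` and both sample outputs are constructed for illustration, and it assumes the installed OpenSSH reports ChallengeResponseAuthentication under its current name, kbdinteractiveauthentication.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings from step 5.
# check_sshd_effective (hypothetical name) reads `sshd -T` output on stdin,
# prints one line per keyword, and returns 0 only if all expected values match.
check_sshd_effective() {
    awk '
        BEGIN {
            # The three settings from step 5 (sshd -T prints keywords in lowercase).
            want["passwordauthentication"] = "no"
            # Assumption: this OpenSSH reports ChallengeResponseAuthentication
            # under its current name, kbdinteractiveauthentication.
            want["kbdinteractiveauthentication"] = "no"
            want["usepam"] = "no"
            # Lockout guard: key login must still be enabled.
            want["pubkeyauthentication"] = "yes"
        }
        ($1 in want) { seen[$1] = $2 }
        END {
            bad = 0
            for (k in want) {
                if (!(k in seen)) { printf "MISSING %s\n", k; bad = 1 }
                else if (seen[k] != want[k]) {
                    printf "FAIL %s is %s, want %s\n", k, seen[k], want[k]; bad = 1
                } else printf "OK %s %s\n", k, seen[k]
            }
            exit bad
        }'
}

# Constructed sample: effective config after step 5 took effect.
SAMPLE_GOOD='port 22
pubkeyauthentication yes
passwordauthentication no
kbdinteractiveauthentication no
usepam no'

# Constructed sample: an earlier setting (for example from a file pulled in by
# an Include line) won, so the PasswordAuthentication line added later is ignored.
SAMPLE_OVERRIDDEN='port 22
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
usepam no'

printf '%s\n' "$SAMPLE_GOOD" | check_sshd_effective && echo "locked down"
printf '%s\n' "$SAMPLE_OVERRIDDEN" | check_sshd_effective || echo "password login still possible"
# On the server: sudo sshd -t && sudo sshd -T | check_sshd_effective
```

sshd only reads the file when it starts, so restart it (`sudo systemctl restart ssh` on Debian) once the check passes. Keep your current session open until a new key-based login works.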
6. Set a Static IP Address
- A static address avoids confusion if the IP changes later on, and it is needed later in the guide.
- Exit the SSH session and log into the server locally or via SSH.
- Identify the network interface:
ip a
- Edit the network interfaces file:
sudo vim /etc/network/interfaces
- Add the following under the primary network interface:
iface [interface] inet static
address [ip address]
gateway [default gateway]
- Restart the networking service and reboot:
sudo systemctl restart networking
sudo reboot
- Verify the IP address after reboot:
ip a
7. Use SSH Agent for Passwordless Login
- Reduce the headache of remembering the SSH keys' passwords. I would still recommend storing these passwords somewhere safe, just in case you lose the private keys.
- Start the SSH agent and add your private key:
eval $(ssh-agent)
ssh-add ~/.ssh/[keyname]
- This allows you to log in without entering the passphrase for the key every time.
8. Automate SSH Agent with Config File
- Remember that the eval $(ssh-agent) command needs to be run each time unless automated.
- To simplify logins, create an SSH config file:
vim ~/.ssh/config
- Add configuration for each server:
# Alias for the server
Host [Name]
    Hostname [domain name or IP address]
    User [username]
    Port [port number]
Example:
Host Debian-Server
    Hostname 192.168.1.20
    User joseph
    Port 2222
Host Win-Server
    Hostname 192.168.1.53
    User joseph
- Now you can connect to the servers with just the host alias:
ssh Debian-Server
connected
exit
ssh Win-Server
connected
exit