Passwordless SSH using Private/Public Keys

This guide explains how to set up private/public key authentication for passwordless SSH, (specifically tailored for Debian systems.)

On your local machine, generate an RSA key pair:

ssh-keygen -t rsa -b 4096

• Files created: ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key).
• Press Enter for the default location.
• Do not add a passphrase for extra security - or it will be asked every time key is used.

Install ssh-copy-id on your local machine if needed (part of openssh-client):

sudo apt update && sudo apt install openssh-client -y

Transfer the public key:

ssh-copy-id user@server

• You can usually not copy the key to the root user. Copy to a regular user first
• Replace user with a regular user and server with the server’s IP or hostname.
• Enter your password when prompted.
• If you need the keys for the root user, copy the keys from the regular user “user” to root.

Manual Alternative:

1. Log into the server:

ssh user@debian_server

1. Create the .ssh directory if it doesn’t exist:

mkdir -p ~/.ssh && chmod 700 ~/.ssh

1. Copy the contents of ~/.ssh/id_rsa.pub from your local machine into ~/.ssh/authorized_keys on the server.
2. Set permissions:

chmod 600 ~/.ssh/authorized_keys

Ensure the SSH server is installed and running:

sudo apt install openssh-server -y
sudo systemctl enable ssh
sudo systemctl start ssh

Verify /etc/ssh/sshd_config allows key-based authentication (default is fine):

• Look for: PubkeyAuthentication yes.
• If changed, restart SSH:

sudo systemctl restart ssh

From your local machine:

ssh user@server

• Works on Debian 11, 12, and likely future versions as of February 24, 2025.
• Keep the private key (id_rsa) secure and never share it.

Caponato's Samba notebook. Start here or else Main menu