SSH Key-Based Authentication on Debian 12
Step 1 – Generate an Ed25519 key pair (client side)
ssh-keygen -t ed25519 -C "[email protected]"
# Accept default path (~/.ssh/id_ed25519) or specify customFor RSA (4096-bit) as an alternative:
ssh-keygen -t rsa -b 4096 -C "[email protected]"Step 2 – Copy the public key to the server
ssh-copy-id -i ~/.ssh/id_ed25519.pub [email protected]Or manually:
cat ~/.ssh/id_ed25519.pub | ssh [email protected] \
"mkdir -p ~/.ssh && chmod 700 ~/.ssh && \
cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"Step 3 – Test
ssh -i ~/.ssh/id_ed25519 [email protected]Step 4 – Disable password authentication on server
Edit /etc/ssh/sshd_config:
PasswordAuthentication noRestart sshd:
systemctl restart sshd 2>/dev/null || rcctl restart sshd 2>/dev/null || service sshd restartStep 5 – SSH config for convenience (~/.ssh/config)
Host myserver
HostName server.example.com
User alice
Port 2222
IdentityFile ~/.ssh/id_ed25519
ServerAliveInterval 60Connect simply with:
ssh myserver