Secure Debian 10 Installation (Debian Buster)

Debian does not come with sudo preinstalled.

That’s so 10 years ago.

1. Installing your Debian

  • Use any password for root. (We will disable the root password later.)
  • When you are creating a new user, use a secure password.
  • On the Software Selection page, you must check SSH Server. This will install the SSH server for you.

2. Setup SSH

  1. Add your public key to the server
$ ssh-copy-id <yourusername>@<your-debian-ip>
// You will be prompted for the password
// Execute the following line from your workstation
$ ssh <yourusername>@<your-debian-ip>
// Now we are logged in
// Give yourself root access
$ su -
# nano /etc/ssh/sshd_config
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
  • Disallow root from logging in via SSH.
  • Explicitly allow SSH login with a public key.
  • Disallow any SSH login with a password.
# systemctl restart sshd
// exit from su
# exit
// log out of SSH
$ exit
// re-login
$ ssh <yourusername>@<your-debian-ip>
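
An added example (not from the original article) that checks whether the three settings above are actually in force in a given sshd_config file. It assumes OpenSSH's built-in defaults for unset keywords and reads a single file; the function names and both sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: check that the three sshd_config settings are effective.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a Match line apply only to that match.

# effective_value FILE KEYWORD DEFAULT -> value in force in the global section
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }            # comments, blank lines
        tolower($1) == "match" { exit }           # global section ends here
        tolower($1) == want { print tolower($2); found = 1; exit }
        END { if (!found) print def }             # unset: OpenSSH built-in default
    ' "$1"
}

# check FILE KEYWORD DEFAULT EXPECTED -> status 0 when the effective value matches
check() {
    got=$(effective_value "$1" "$2" "$3")
    if [ "$got" = "$4" ]; then
        echo "ok    $2 $got"
        return 0
    fi
    echo "FAIL  $2 is '$got', expected '$4'"
    return 1
}

# audit_sshd FILE -> status 0 only if all three settings from step 2 hold
audit_sshd() {
    rc=0
    check "$1" PermitRootLogin prohibit-password no || rc=1
    check "$1" PubkeyAuthentication yes yes || rc=1
    check "$1" PasswordAuthentication yes no || rc=1
    return $rc
}

# Constructed sample files (not taken from a real host)
tmp=$(mktemp -d)
good="$tmp/good"; bad="$tmp/bad"
printf '%s\n' '# constructed' 'permitrootlogin no' \
    'PubkeyAuthentication yes' 'PasswordAuthentication no' > "$good"
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' \
    '#PasswordAuthentication no' 'Match User deploy' \
    '    PasswordAuthentication no' > "$bad"

audit_sshd "$good" && echo "good sample: hardened"
audit_sshd "$bad" || echo "bad sample: not hardened"
```

Point audit_sshd at /etc/ssh/sshd_config before restarting sshd, and keep the current SSH session open until a fresh key-based login succeeds.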

3. Setup sudo

  • Install sudo
  • Grant our user permission to use sudo
// Become root
$ su -
// Install sudo
# apt install sudo
// Put yourself in the sudo group
# usermod -aG sudo <yourusername>
// exit from su
# exit
// log out of SSH
$ exit
// re-login
$ ssh <yourusername>@<your-debian-ip>
// Enter root shell
$ sudo -s
// exit root shell
# exit

4. Disable usage of su

$ sudo nano /etc/pam.d/su
// Find the line:
# auth required
// Uncomment it:
auth required
// Test it: su should now be refused
$ su -
su: Permission denied

5. Lock root account

$ sudo passwd -l root

6. Suggestions

  • You are the sole administrator who has privileged access.
  • Keep your private key secure and DO NOT lose it.
  • Do not forget your password. You don’t need it for SSH login but you need it for sudo.



Attawit Kittikrairit

IT consultant. Computer engineer. Cryptocurrency enthusiast. Entrepreneur.