Secure Shell (SSH)
Install SSH server
The SSH client should already be installed. To install the SSH server on a Debian-based distro with APT:
sudo apt-get install openssh-server
The sshd service should be enabled automatically. If not, run systemctl enable sshd to allow the service to start automatically and run in the background.
Configuration files
The default location for configuration files is /etc/ssh/. Settings for the SSH client are in /etc/ssh/ssh_config. The SSH server can be configured by updating /etc/ssh/sshd_config.
SSH server port
By default, the SSH server runs on TCP port 22. It is considered good security practice to change this to a different port. To do this, find the line in /etc/ssh/sshd_config that says “#Port 22” by default, uncomment it (by removing the #) and change 22 to a different number that is allowed by the system. A list of commonly used ports can be found here and also in /etc/services on your system.
SSH keys
Using keys instead of passwords is the recommended security practice. If password authentication is disabled, attackers will be unable to log into the server without the private key.
Generate an SSH key pair locally:
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/testserver -C testclient@test.com
Copy the SSH public key to the server, so that the client is added to the ~/.ssh/known_hosts list:
ssh-copy-id -i ~/.ssh/testserver.pub username@ip.addr.or.domain
Now you should be able to log into the server using the following command:
ssh -i ~/.ssh/testserver username@ip.addr.or.domain
Check that the above command works before disabling SSH password authentication, if you don’t want to be locked out!
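To confirm that the port change and the password-authentication change described above actually took effect in the file, the following added example (not part of the original page) reads an sshd_config and reports the global Port and PasswordAuthentication settings. It goes slightly beyond the text by handling repeated Port lines and Match blocks; the function names, port 2222 and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes whitespace-separated
# "Keyword value" lines and does not follow Include directives.

# Print each value the global section of sshd_config file $1 gives keyword $2.
sshd_values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }       # keywords are case-insensitive
        /^[ \t]*(#|$)/         { next }    # "#Port 22" is a comment, not a setting
        tolower($1) == "match" { exit }    # Match blocks are conditional, not global
        tolower($1) == key     { print $2 }
    ' "$1"
}

# Port may be repeated and sshd listens on every one; 22 applies if none is set.
sshd_ports() {
    p=$(sshd_values "$1" Port | xargs)
    echo "${p:-22}"
}

# For other keywords the first value read wins; the default here is "yes".
sshd_password_auth() {
    v=$(sshd_values "$1" PasswordAuthentication | head -n 1)
    echo "${v:-yes}"
}

# Succeed only if port 22 is no longer listened on and passwords are disabled.
audit_sshd() {
    ports=$(sshd_ports "$1")
    pw=$(sshd_password_auth "$1")
    echo "Port=$ports PasswordAuthentication=$pw"
    case " $ports " in *" 22 "*) return 1 ;; esac
    [ "$pw" = no ]
}

# Constructed sample configs (port 2222 and user "backup" are made up).
write_samples() {
    printf '%s\n' '#Port 22' '#PasswordAuthentication yes' 'UsePAM yes' > "$1/stock"
    printf '%s\n' '#Port 22' 'port 2222' 'PasswordAuthentication no' \
        'Match User backup' '    PasswordAuthentication yes' > "$1/edited"
    printf '%s\n' 'Port 2222' 'Port 22' 'PasswordAuthentication no' > "$1/leftover"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in stock edited leftover; do
    audit_sshd "$demo_dir/$f" && echo "$f: ok" || echo "$f: needs attention"
done
rm -rf "$demo_dir"
```

On a real server, point audit_sshd at /etc/ssh/sshd_config, and run sshd -t as root to check the file for syntax errors before restarting the service.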