Install SSH server

SSH client should already be installed. To install SSH server on a Debian-based distro with APT:

sudo apt-get install openssh-server

The sshd service should be enabled automatically. If not, run systemctl enable sshd to allow the service to start automatically and run in the background.

Configuration files

The default locations for configuration files is /etc/ssh/. Settings for the SSH client are in /etc/ssh/ssh_config. The SSH server can be configured by updating /etc/ssh/sshd_config.

SSH server port

By default, the SSH server runs on TCP port 22. It is considered good security practice to change this to a different port. To do this, find the line in /etc/ssh/sshd_config that says “#Port 22” by default, uncomment it (by removing he #) and change 22 to a different number that is allowed by the system. A list of commonly used ports can be found here and also the /etc/services on your system.

SSH keys

Using keys instead of password is the recommended security practice. If password authentication is disabled, attackers will be unable to log into the server without the private key.

Generate an SSH key pair locally:

ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/testserver -C testclient@test.com

Copy SSH public key to the server, so that the client is added to the ~/.ssh/known_hosts list:

ssh-copy-id -i ~/.ssh/testserver.pub username@ip.addr.or.domain

Now you should be able to log into the server using the following command:

ssh -i ~/.ssh/testserver username@ip.addr.or.domain

Check that the above command works before disabling SSH password authentication, if you don’t want to be locked out!