Introduction
SSH stands for Secure Shell. SSH is used to connect to a remote computer that accesses files and perform administrative tasks.
In this tutorial, learn how to enable SSH on Debian 9 (Stretch) or Debian 10 (Buster).
System Prerequisites
Debian to act as SSH server Debian system to
- act as
- Sudo privileges
- command line (Ctrl-Alt-T
- Apt package manager (included by default)
- to enable SSH
SSH client
in Debian for each system Access to a
)
5 steps
in Debian
When connecting remotely, a secure connection is important: without it, a hacker could intercept usernames, Passwords and configuration files that could compromise the security of your server. These five (5) steps will guide you through the process of establishing a secure connection.
Step
1: Update Package Manager
Before installing new software, update the
list of software repositories with
the following command: sudo apt-get update
The screen confirms that the packages have been updated
:
Step 2: Install the SSH
server On the server
acting as the server, run the following command:
sudo apt install openssh-server
Enter your password when prompted, then press Y to continue with the installation. In this case, the output indicates that the latest version is already installed.
You can check the status of the SSH service with the following command: sudo systemctl status ssh The system confirms that
the SSH service
is running
.
Step 3: Start
and stop the SSH server Because SSH
controls connections, it can be useful to know how to start and
stop the service. To stop the SSH
host server, Enter the following:
sudo service ssh stop
If you check the status of the service at this point, the system indicates that SSH is down. It also indicates the exact date and time you stopped.
To start the SSH service, use the following command: sudo SSH Service Home
The service is stopped only until the next restart
. To disable SSH
indefinitely, type
: sudo systemctl disable ssh
To re-enable the SSH service, simply replace disable with enable.
Step 4: Get
your server’s IP address If you are configuring a server locally
,
you can display the IP address from a terminal window with the following command
: ip a The IP address
will have a format like this:
192.168.0.1
If you are connecting to a server that is already configured, you will want to obtain the IP address of the server administrator. Or, you can log on with the host name or domain name of the server.
Step 5: Install the SSH Client Service
(optional)
If you are
connecting to a server that is already configured or have completed the above steps on your server, open a terminal window on your client system and refresh the package list:
sudo apt-get update
By default, most Linux systems have the SSH client installed. If yours doesn’t, enter the following command
:
sudo apt-get install openssh-client
This example has the latest version installed
. Connect to a server using
SSH
Type the following command to connect to the server using a secure shell:
ssh UserName@IPAddressOrHostname Replace the user name with the user
name of an authorized user on the server. After the @ sign, use the IP address from step 4, or you can use the domain name. You can also specify a host name if the server is configured to use one.
When you connect for the first time, the system may ask you for confirmation. Type ‘yes‘ and then ‘enter‘.
The remote system will prompt you for a password. Use the password that accompanies the user name you provided.
The command prompt will change to username@hostname, indicating that the commands you are running are running on the remote server.
Firewall and security settings
By default, Debian uses the UFW firewall which can interfere with
secure shell traffic.
To allow SSH access, use the command:
sudo ufw allow ssh
SSH traffic passes through port 22. The result confirms that the rules have been updated.
To implement the necessary security measures, use the firewall application (or router settings) to configure port forwarding. You will need to consult your documentation for specific information. However, the strategy is to forward traffic requests entering port 22 to the IP address of the machine behind the firewall.
You can also configure your firewall or router to accept SSH traffic on a different port, it’s an extra step, but then you can route that incoming traffic to port 22 on your server. This is a useful solution when opening your server to internet traffic. Why? Many intrusion attempts enter port 22 attempting to access SSH. Changing the port will restrict access only to those who know the correct port, thus limiting unauthorized connections.
Conclusion
By following the steps in this article, you have successfully enabled an SSH connection in Debian
.
You can now connect to a remote securley host and continue to manage your servers in a secure environment
.
Check out our guide on the “ssh_exchange_identification: Read: Peer Connection Reset” error if you notice it while connecting to your remote server.
