Install OpenSSH server

Guide: Installing and Configuring OpenSSH Server



This guide will help you install and perform basic security configurations for an OpenSSH server on your Linux system. OpenSSH allows you to securely connect to your server remotely via the command line.

Prerequisites:
  • A Linux server (e.g., Ubuntu, Debian)
  • Root access or sudo privileges


Step 1: Install OpenSSH Server
On most Debian/Ubuntu-based systems, OpenSSH server can be installed with the following command:


sudo apt update
sudo apt install openssh-server


The SSH service should start automatically after installation. You can check its status:

sudo systemctl status ssh

You should see "active (running)".

Step 2: Configure Firewall (If Active)
If you have a firewall running (e.g., UFW), you need to allow SSH connections. By default, SSH uses port 22.


sudo ufw allow ssh
sudo ufw enable

(If you change the default SSH port later, remember to update this firewall rule. For example, run `sudo ufw allow 2222/tcp` if you change the port to 2222.)

Step 3: Basic SSH Configuration (Optional but Recommended Security Steps)
It's highly recommended to make a few changes to the default SSH configuration for better security.

1. Back up the original configuration file:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak


2. Open the SSH daemon configuration file for editing:

sudo nano /etc/ssh/sshd_config


3. Make the following changes:

a) Change the default SSH Port (Highly Recommended):
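Changing the default port from 22 to a non-standard port (e.g., 2222) reduces the number of automated login attempts, since most bots only try port 22. It does not stop an attacker who scans for the new port, so treat it as noise reduction that complements the steps below.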
Find the line:

#Port 22

Uncomment it (remove the `#`) and change 22 to your desired port number (e.g., 2222):

Port 2222

  • Important: If you change the port, remember to update your firewall rules (Step 2) to allow the new port.


b) Disable Root Login (Highly Recommended):
Logging in directly as root is a security risk. It's better to log in as a regular user and then use `sudo` for administrative tasks.
Find the line:

#PermitRootLogin prohibit-password

Uncomment it and change the value to `no`:

PermitRootLogin no

  • Ensure you have a non-root user with sudo privileges before doing this!


c) Disable Password Authentication (More Secure, Requires SSH Keys):
For the highest security, use SSH key-based authentication and disable password authentication. This means you won't be able to log in with a password, only with a private SSH key.
Find the line:

#PasswordAuthentication yes

Uncomment it and change `yes` to `no`:

PasswordAuthentication no

  • WARNING: Only do this after you have successfully set up and tested SSH key-based authentication for your user. If you lock yourself out, you'll need console access to fix it!


4. Save and exit (Ctrl+O, Enter, Ctrl+X).
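
The check below is an added example, not part of the original guide: a shell function that reads the file edited in Step 3 and reports the value sshd will use for each of the three settings. This matters because sshd keeps the first value it reads for a keyword, so an edit placed below an earlier line has no effect. The function names and the sample file are constructed for illustration, and the script assumes whitespace-separated keywords in a single file.

```shell
#!/bin/sh
# Added example, not part of the original guide. Assumptions: keywords and
# values are whitespace-separated, and only the global section of one file is
# read (Include files and Match blocks are not followed).

# Print KEYWORD's value in FILE. sshd keeps the first value it reads for a
# keyword, so a later duplicate is ignored. Port is the exception (every Port
# line opens a listener), so pass "all" as a third argument to list them all.
effective_value() {
    awk -v key="$2" -v all="${3:-}" '
        BEGIN { key = tolower(key) }
        NF == 0 || $1 ~ /^#/ { next }       # blank lines, "#Port 22" defaults
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == key { print tolower($2); if (all == "") exit }
    ' "$1"
}

# check NAME ACTUAL WANTED: print a result line, return 1 on mismatch.
check() {
    if [ "$2" = "$3" ]; then echo "ok   $1 $2"; return 0; fi
    echo "FAIL $1 $2 (want $3)"; return 1
}

# Return 0 only when root login and password authentication are both "no".
audit_sshd_config() {
    rc=0
    ports=$(effective_value "$1" Port all | xargs)
    root=$(effective_value "$1" PermitRootLogin)
    pass=$(effective_value "$1" PasswordAuthentication)
    # Unset keywords use the defaults shown commented out in the stock file.
    echo "info Port ${ports:-22} (the firewall must allow each port over TCP)"
    check PermitRootLogin "${root:-prohibit-password}" no || rc=1
    check PasswordAuthentication "${pass:-yes}" no || rc=1
    return $rc
}

# Constructed sample: "no" was appended at the end, but an earlier "yes" wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 2222
PermitRootLogin no
PasswordAuthentication yes
#PasswordAuthentication yes
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sshd_config does not match Step 3"
```

On the server, run `audit_sshd_config /etc/ssh/sshd_config` after saving the file. `sudo sshd -t` checks the file's syntax, and `sudo sshd -T` prints the configuration sshd will actually use, Include files included.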

Step 4: Restart SSH Service
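For the changes to `sshd_config` to take effect, you must restart the SSH service. Keep your current SSH session open and test a new connection from a second terminal before you close it, so that a configuration mistake does not lock you out.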


sudo systemctl restart ssh


Step 5: Connect to Your SSH Server
From your local machine (Windows with PowerShell/WSL/Git Bash, macOS, or Linux terminal), you can now connect.

Basic connection (if using default port 22 and password authentication):

ssh your_username@your_server_ip_or_domain

(Replace your_username and your_server_ip_or_domain with your own values.) You will be prompted for your user's password.

Connection with a custom port (e.g., 2222):

ssh -p 2222 your_username@your_server_ip_or_domain


Connection with SSH Keys (Recommended Security):
1. Generate SSH Keys on your Local Machine:

ssh-keygen -t rsa -b 4096

Follow the prompts. You can press Enter to accept the default location. An empty passphrase is allowed, but a passphrase protects the private key if the file is ever copied or stolen. This creates `id_rsa` (private key) and `id_rsa.pub` (public key) in your `~/.ssh` directory.

2. Copy Public Key to Server:
The `ssh-copy-id` tool is the easiest way to transfer your public key to the server's `authorized_keys` file.

ssh-copy-id -p 2222 your_username@your_server_ip_or_domain

(Use the correct port. It will ask for your user's password once.)

3. Connect using SSH Keys:

ssh -p 2222 your_username@your_server_ip_or_domain

You should now log in without a password (unless you set a passphrase for your private key).

Conclusion
You have successfully installed, configured, and secured your OpenSSH server. This provides a secure way to manage your Linux server remotely.
