Share your love
Enable and Configure SSH on Debian 11
This guide intends to teach you How To Enable and Configure SSH servers on Debian 11.
SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.
SSH also refers to the suite of utilities that implement the SSH protocol. Secure Shell provides strong password authentication and public key authentication, as well as encrypted data communications between two computers connecting over an open network, such as the Internet.
In addition to providing strong encryption, SSH is widely used by network administrators to manage systems and applications remotely, enabling them to log in to another computer over a network, execute commands and move files from one computer to another.
Steps To Enable and Configure SSH on Debian 11
To complete this guide, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our guide the Initial Server Setup with Debian 11.
Verify SSH Installation on Debian 11
First, you need to update your local package index with the command below:
sudo apt update
By default, SSH is installed on Debian 11. To verify this, run the command below:
ssh -V
Output
OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k 25 Mar 2021
Note: This information does not mean that you have an SSH server running on your server, it only means that you are currently able to connect as a client to SSH servers.
Install OpenSSH on Debian 11
Then, use the command below to install OpenSSH:
sudo apt install openssh-server
When your installation is completed, enable your service to start on boot:
sudo systemctl enable ssh
Check SSH Status
Check your SSH status with the command below:
sudo systemctl status sshd
In your output you should see:
Output
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: e>
Active: active (running) since Sat 2022-12-17 05:34:51 EST; 3s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 1160 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 1161 (sshd)
Tasks: 1 (limit: 4679)
Memory: 1.1M
CPU: 24ms
CGroup: /system.slice/ssh.service
└─1161 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
...
Check SSH Port
By default, your SSH server is listening on port 22 (which is the default SSH port).
You can check that the SSH server is listening on port 22 with the netstat command:
netstat -tulpn | grep 22
Output
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1161/sshd: /usr/sbi
tcp6 0 0 :::22 :::* LISTEN 1161/sshd: /usr/sbi
Configure Firewall for SSH
At this point, you need to allow SSH traffic on the UFW firewall.
To enable SSH connections on your Debian 11, run the command below:
sudo ufw allow ssh
Now you can check your UFW status:
sudo ufw status
Output
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
Configure SSH Server on Debian 11
As you know, SSH configuration files are located in the /etc/ssh folder.
In this directory, you are going to find many different files and folders, but the most important ones are :
- ssh_config: is used in order to configure SSH clients. It means that it defines rules that are applied every time you use SSH to connect to a remote host or to transfer files between hosts;
- sshd_config: is used in order to configure your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.
In this tutorial, we are going to focus on the server part of the configuration.
Change SSH Default Port
To secure your SSH server, it’s recommended to change the SSH default port on Debian 11.
Open the sshd_config file with your favorite text editor, here we use vi:
sudo vi /etc/ssh/sshd_config
Find the port line, and change it to your desired value, here we change it to 2222:
Port 2222
When you are done, save and close the file.
Note: Be careful when you change your default SSH port, you will have to specify it when connecting to it.
Disable Root Login on your SSH Server
By default, on recent distributions, root login is set to “prohibit-password”.
This option means that all interactive authentication methods are banned, allowing only public keys to be used.
In short, you need to set up SSH keys and use them in order to connect as a root.
However, even if you connect without a password, root login is not recommended: if keys are compromised, your entire host is compromised.
As a consequence, you can set this option to “no” in order to restrict it completely.
Again open the SSH server config file on Debian 11:
sudo vi /etc/ssh/sshd_config
Find the line below and set it to no:
PermitRootLogin no
When you are done, save and close the file.
To apply these changes, restart the SSH service:
sudo systemctl restart sshd
You can also use the “netstat” command as we already did in the previous sections:
netstat -tulpn | grep 2222
Output
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 3199/sshd: /usr/sbi
tcp6 0 0 :::2222 :::* LISTEN 3199/sshd: /usr/sbi
How To Connect to SSH Server
At this point, you can easily connect to your SSH server by using the command below:
ssh -p <port> <username>@<ip_address>
For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command:
ssh -p 2222 <user>@127.0.0.1
You will be asked to provide your password and certify that the authenticity of the server is correct.
To exit from your SSH server on Debian 11, you can hit Ctrl + D or type ‘logout’ and your connection will be terminated.
Disable SSH server
If you plan to disable your SSH server, you can use the following command:
sudo systemctl stop sshd
Check your SSH service status:
sudo systemctl status sshd
Output
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: e>
Active: inactive (dead) since Sat 2022-12-17 05:40:59 EST; 5s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 1161 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=0>
Main PID: 1161 (code=exited, status=0/SUCCESS)
CPU: 153ms
...
From there, your SSH server won’t be accessible anymore.
Conclusion
At this point, you have learned to Enable and Configure SSH Server on Debian 11.
Hope you enjoy it.
You may be like these articles:
Set Up Nginx Password Authentication on Debian 11