Enable and Configure SSH on Debian 11

This guide intends to teach you How To Enable and Configure SSH servers on Debian 11.

SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system administrators, a secure way to access a computer over an unsecured network.

SSH also refers to the suite of utilities that implement the SSH protocol. Secure Shell provides strong password authentication and public key authentication, as well as encrypted data communications between two computers connecting over an open network, such as the Internet.

In addition to providing strong encryption, SSH is widely used by network administrators to manage systems and applications remotely, enabling them to log in to another computer over a network, execute commands and move files from one computer to another.

Steps To Enable and Configure SSH on Debian 11

To complete this guide, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our guide the Initial Server Setup with Debian 11.

Verify SSH Installation on Debian 11

First, you need to update your local package index with the command below:

sudo apt update

By default, SSH is installed on Debian 11. To verify this, run the command below:

ssh -V
Output
OpenSSH_8.4p1 Debian-5, OpenSSL 1.1.1k  25 Mar 2021

Note: This information does not mean that you have an SSH server running on your server, it only means that you are currently able to connect as a client to SSH servers.

Install OpenSSH on Debian 11

Then, use the command below to install OpenSSH:

sudo apt install openssh-server

When your installation is completed, enable your service to start on boot:

sudo systemctl enable ssh

Check SSH Status

Check your SSH status with the command below:

sudo systemctl status sshd

In your output you should see:

Output
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: e>
     Active: active (running) since Sat 2022-12-17 05:34:51 EST; 3s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 1160 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 1161 (sshd)
      Tasks: 1 (limit: 4679)
     Memory: 1.1M
        CPU: 24ms
     CGroup: /system.slice/ssh.service
             └─1161 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
...

Check SSH Port

By default, your SSH server is listening on port 22 (which is the default SSH port).

You can check that the SSH server is listening on port 22 with the netstat command:

netstat -tulpn | grep 22
Output
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1161/sshd: /usr/sbi
tcp6       0      0 :::22                   :::*                    LISTEN      1161/sshd: /usr/sbi

Configure Firewall for SSH

At this point, you need to allow SSH traffic on the UFW firewall.

To enable SSH connections on your Debian 11, run the command below:

sudo ufw allow ssh

Now you can check your UFW status:

sudo ufw status
Output
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)

Configure SSH Server on Debian 11

As you know, SSH configuration files are located in the /etc/ssh folder.

In this directory, you are going to find many different files and folders, but the most important ones are :

  • ssh_config: is used in order to configure SSH clients. It means that it defines rules that are applied every time you use SSH to connect to a remote host or to transfer files between hosts;
  • sshd_config: is used in order to configure your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.

In this tutorial, we are going to focus on the server part of the configuration.

Change SSH Default Port

To secure your SSH server, it’s recommended to change the SSH default port on Debian 11.

Open the sshd_config file with your favorite text editor, here we use vi:

sudo vi /etc/ssh/sshd_config

Find the port line, and change it to your desired value, here we change it to 2222:

Port 2222

When you are done, save and close the file.

Note: Be careful when you change your default SSH port, you will have to specify it when connecting to it.

Disable Root Login on your SSH Server

By default, on recent distributions, root login is set to “prohibit-password”.

This option means that all interactive authentication methods are banned, allowing only public keys to be used.

In short, you need to set up SSH keys and use them in order to connect as a root.

However, even if you connect without a password, root login is not recommended: if keys are compromised, your entire host is compromised.

As a consequence, you can set this option to “no” in order to restrict it completely.

Again open the SSH server config file on Debian 11:

sudo vi /etc/ssh/sshd_config

Find the line below and set it to no:

PermitRootLogin no

When you are done, save and close the file.

To apply these changes, restart the SSH service:

sudo systemctl restart sshd

You can also use the “netstat” command as we already did in the previous sections:

netstat -tulpn | grep 2222
Output
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      3199/sshd: /usr/sbi
tcp6       0      0 :::2222                 :::*                    LISTEN      3199/sshd: /usr/sbi

How To Connect to SSH Server

At this point, you can easily connect to your SSH server by using the command below:

ssh -p <port> <username>@<ip_address>

For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command:

ssh -p 2222 <user>@127.0.0.1

You will be asked to provide your password and certify that the authenticity of the server is correct.

To exit from your SSH server on Debian 11, you can hit Ctrl + D or type ‘logout’ and your connection will be terminated.

Disable SSH server

If you plan to disable your SSH server, you can use the following command:

sudo systemctl stop sshd 

Check your SSH service status:

sudo systemctl status sshd
Output
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: e>
     Active: inactive (dead) since Sat 2022-12-17 05:40:59 EST; 5s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 1161 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=0>
   Main PID: 1161 (code=exited, status=0/SUCCESS)
        CPU: 153ms
...

From there, your SSH server won’t be accessible anymore.

Conclusion

At this point, you have learned to Enable and Configure SSH Server on Debian 11.

Hope you enjoy it.

You may be like these articles:

Set Up Nginx Password Authentication on Debian 11

Install and Configure Joomla On Debian 11

Install and Configure XAMPP on Debian 11

Newsletter Updates

Enter your email address below and subscribe to our newsletter

Stay informed and not overwhelmed, subscribe now!