Share your love
Install and Secure SSH Server on Debian 12 Bookworm
In this guide, we want to show you to Install and Secure SSH Server Connection on Debian 12 Bookworm. As you know, SSH is used to access Linux Server in a secure mode. Most of the users use the default SSH settings to connect to their servers. This will cause some security issues. So we decided to show you how to secure your SSH connection on Debian 12.
How To Install and Secure SSH Server on Debian 12 Bookworm?
To set up a secure SSH server, you must have access to your server as a non-root user with sudo privileges and set up a basic firewall. For this purpose, you can visit this guide on Initial Server Setup with Debian 12 Bookworm.
Now proceed to the following steps to complete this guide.
Step 1 – Install SSH Server on Debian 12
First, you must run the system update with the following command:
sudo apt update
Then, use the command below to install the SSH server on Debian 12:
sudo apt install ssh -y
At this point, your SSH server must be enabled and activated on your system. To verify this, run the command below:
sudo systemctl status ssh
Output
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; preset: enabled)
Active: active (running) since Sat 2023-07-15 06:44:04 EDT; 4min 15s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 544 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Main PID: 547 (sshd)
Tasks: 3 (limit: 4653)
Memory: 11.6M
CPU: 1.223s
CGroup: /system.slice/ssh.service
...
Now proceed to the following step to secure your SSH server connection.
Step 2 – Secure SSH Server Connection on Debian 12
There are so many different ways that you can increase your SSH server security. Here we want to show you some of them to secure your SSH connection on Debian 12.
1: Disable Root Login on SSH Server
One of the ways that you can secure your SSH is to disable the root logins. To do this, you must open your SSH Config Server file with your favorite text editor, here we use vi:
sudo vi /etc/ssh/sshd_config
Find the PermitRootLogin line and change its value to No:
PermitRootLogin no
When you are done, save and close the file.
Then, restart SSH to apply the changes:
sudo systemctl restart ssh
2: Change the Default SSH Server Port
To secure your SSH server, it’s recommended to change the SSH default port on Debian 12.
Open the SSH Config file again with the command below:
sudo vi /etc/ssh/sshd_config
Find the Port line, and change it to your desired value, here we change it to 2222:
Port 2222
When you are done, save and close the file.
If you are using a firewall, you must allow it through the firewall rules:
sudo ufw allow 2222
Then, restart SSH to apply the changes:
sudo systemctl restart ssh
You can also use the “netstat” command to verify it:
netstat -tulpn | grep 2222
Output
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 3199/sshd: /usr/sbi
tcp6 0 0 :::2222 :::* LISTEN 3199/sshd: /usr/sbi
Note: Be careful when you change your default SSH server port on Debian 12, you will have to specify it when connecting to it. You can easily connect to your SSH server by using the command below:
ssh -p <port> <username>@<ip_address>
3: Block Access For Users without Passwords
You may have users without passwords on your system. So you can block these users that cant access the SSH server. Again open the SSH config file:
sudo vi /etc/ssh/sshd_config
Find the PermitEmptyPasswords line and change its value to No:
PermitEmptyPasswords no
When you are done, save and close the file.
4: Limit SSH Login Attempts
By default, you can access your server so many password attempts. You can limit this option to prevent security issues. To do this, from your SSH config file, find the MaxAuthTries line and change its value to your desired number of attempts. For example:
MaxAuthTries 3
5: Enable SSH Server Version 2
At this point, you can use SSH version 2 which is designed to improve the security.
To enable the second version of the SSH server on Debian 12, you can add the following Protocol line to the SSH config file as shown below:
Include /etc/ssh/sshd_config.d/*.conf
Protocol 2
Note: Remember every time you make changes to the file, you must restart your SSH server to apply the changes.
6: Connect to your Server by Using SSH Key Pairs
One of the best secure ways that you can connect to your server is to use the SSH keys. SSH key pairs are two cryptographically secure keys that can be used to authenticate a client to an SSH server. With this option, you can easily connect to your server without using passwords. To do this, you must generate the SSH key pairs.
For complete information, you can visit this guide on Generating SSH key pairs in Linux.
Conclusion
SSH security is one of the ways to protect your connection servers. At this point, you have learned to Install and Secure SSH Server Connection on Debian 12 Bookworm by using some tips that we said in the guide.
Hope you enjoy it. You may be interested in these articles: