Install and Secure SSH Server on Debian 12 Bookworm

In this guide, we want to show you to Install and Secure SSH Server Connection on Debian 12 Bookworm. As you know, SSH is used to access Linux Server in a secure mode. Most of the users use the default SSH settings to connect to their servers. This will cause some security issues. So we decided to show you how to secure your SSH connection on Debian 12.

How To Install and Secure SSH Server on Debian 12 Bookworm?

To set up a secure SSH server, you must have access to your server as a non-root user with sudo privileges and set up a basic firewall. For this purpose, you can visit this guide on Initial Server Setup with Debian 12 Bookworm.

Now proceed to the following steps to complete this guide.

Step 1 – Install SSH Server on Debian 12

First, you must run the system update with the following command:

sudo apt update

Then, use the command below to install the SSH server on Debian 12:

sudo apt install ssh -y

At this point, your SSH server must be enabled and activated on your system. To verify this, run the command below:

sudo systemctl status ssh
Output
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; preset: enabled)
     Active: active (running) since Sat 2023-07-15 06:44:04 EDT; 4min 15s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 544 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
   Main PID: 547 (sshd)
      Tasks: 3 (limit: 4653)
     Memory: 11.6M
        CPU: 1.223s
     CGroup: /system.slice/ssh.service
...

Now proceed to the following step to secure your SSH server connection.

Step 2 – Secure SSH Server Connection on Debian 12

There are so many different ways that you can increase your SSH server security. Here we want to show you some of them to secure your SSH connection on Debian 12.

1: Disable Root Login on SSH Server

One of the ways that you can secure your SSH is to disable the root logins. To do this, you must open your SSH Config Server file with your favorite text editor, here we use vi:

sudo vi /etc/ssh/sshd_config

Find the PermitRootLogin line and change its value to No:

PermitRootLogin no

When you are done, save and close the file.

Then, restart SSH to apply the changes:

sudo systemctl restart ssh

2: Change the Default SSH Server Port

To secure your SSH server, it’s recommended to change the SSH default port on Debian 12.

Open the SSH Config file again with the command below:

sudo vi /etc/ssh/sshd_config

Find the Port line, and change it to your desired value, here we change it to 2222:

Port 2222

When you are done, save and close the file.

If you are using a firewall, you must allow it through the firewall rules:

sudo ufw allow 2222

Then, restart SSH to apply the changes:

sudo systemctl restart ssh

You can also use the β€œnetstat” command to verify it:

netstat -tulpn | grep 2222
Output
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      3199/sshd: /usr/sbi
tcp6       0      0 :::2222                 :::*                    LISTEN      3199/sshd: /usr/sbi

Note: Be careful when you change your default SSH server port on Debian 12, you will have to specify it when connecting to it. You can easily connect to your SSH server by using the command below:

ssh -p <port> <username>@<ip_address>

3: Block Access For Users without Passwords

You may have users without passwords on your system. So you can block these users that cant access the SSH server. Again open the SSH config file:

sudo vi /etc/ssh/sshd_config

Find the PermitEmptyPasswords line and change its value to No:

PermitEmptyPasswords no

When you are done, save and close the file.

4: Limit SSH Login Attempts

By default, you can access your server so many password attempts. You can limit this option to prevent security issues. To do this, from your SSH config file, find the MaxAuthTries line and change its value to your desired number of attempts. For example:

MaxAuthTries 3

5: Enable SSH Server Version 2

At this point, you can use SSH version 2 which is designed to improve the security.

To enable the second version of the SSH server on Debian 12, you can add the following Protocol line to the SSH config file as shown below:

Include /etc/ssh/sshd_config.d/*.conf 

Protocol 2

Note: Remember every time you make changes to the file, you must restart your SSH server to apply the changes.

6: Connect to your Server by Using SSH Key Pairs

One of the best secure ways that you can connect to your server is to use the SSH keys. SSH key pairs are two cryptographically secure keys that can be used to authenticate a client to an SSH server. With this option, you can easily connect to your server without using passwords. To do this, you must generate the SSH key pairs.

For complete information, you can visit this guide on Generating SSH key pairs in Linux.

Conclusion

SSH security is one of the ways to protect your connection servers. At this point, you have learned to Install and Secure SSH Server Connection on Debian 12 Bookworm by using some tips that we said in the guide.

Hope you enjoy it. You may be interested in these articles:

How To Change SSH Port on Debian

Enable and Configure SSH on Ubuntu 22.04

LEAVE A REPLY

Please enter your comment!
Please enter your name here
Captcha verification failed!
CAPTCHA user score failed. Please contact us!
Latest Articles

POPULAR TAGS

Most Popular