How to Enable SSH on Debian 9 or 10?

Introduction

SSH, or Secure Shell, is a network protocol that allows secure communication between two systems. It is used to establish a secure connection to a remote server over an unsecured network, such as the internet.

The data exchanged over this connection is encrypted and thus cannot be intercepted by third parties, making SSH an excellent choice for remote administration and file transfer. SSH offers several advantages over other network protocols like Telnet or FTP.

Importance of enabling SSH on Debian 9 or 10

Enabling SSH on your Debian 9/10 system can be extremely useful for remote administration purposes. With SSH access enabled, you can remotely connect to your server from any location with an internet connection using just a terminal emulator or other compatible software.

You can then control your system as if you were physically present at the machine's console. This feature is particularly beneficial for system administrators who need to manage multiple servers at once from different locations since they do not need to be physically present at each machine's location.

The ability to manage servers remotely also means that downtime related to infrastructure management can be kept at minimum levels since issues can be fixed quickly without delay while waiting for someone to physically arrive on-site to resolve problems.

Pre-requisites

Access to Debian 9 or 10 server

Before enabling SSH on Debian 9 or 10, you will need access to a server running on one of those operating systems.

Root access or sudo privileges

To enable SSH on Debian 9 or 10, you need to have root access to the server or sudo privileges.

Basic knowledge of Linux commands

To enable SSH on Debian 9 or 10, it is necessary to have basic knowledge of Linux commands.

Enabling SSH on Debian 9 or 10

Enabling SSH on a Debian 9 or 10 server is a straightforward process that involves installing the OpenSSH server package and configuring it to run as a service. To get started, log in to your Debian server with root access or sudo privileges and follow the steps outlined below.

i) Update the system and install OpenSSH server package:

The first step is to update your system's package list and install the OpenSSH server package. This can be done by running the following commands in the terminal −

sudo apt update 
sudo apt install openssh-server 

This will download and install the required packages for running an SSH server on your Debian machine.

ii) Configure the OpenSSH server settings

Once you have installed the OpenSSH package, you need to configure its settings. The main configuration file for OpenSSH is located at `/etc/ssh/sshd_config`.

You can open this file using any text editor of your choice (such as nano or vim). There are several important configurations that you should consider changing, such as the default port number, maximum number of authentication attempts, and others.

One important configuration is disabling root login via SSH, which improves system security by preventing unauthorized access. You can do this by adding `PermitRootLogin no` to `/etc/ssh/sshd_config`.

iii) Start and enable the OpenSSH service

After configuring your settings, you need to start and enable your SSH service so that it starts automatically whenever you boot up your machine. Use these commands −

sudo systemctl start ssh 
sudo systemctl enable ssh 

This will start and enable the ssh service.

iv) Test the SSH connection:

You can test your SSH connection to make sure everything is working correctly. To do this, open a terminal on your local machine and type −

ssh username@your-server-ip 

Replace `username` with the name of the user you want to connect as, and `your-server-ip` with your server's IP address.

Advanced Configuration Options for SSH Server

Changing Default Port Number

By default, SSH runs on port 22. The problem is that hackers know this and try to exploit it.

A simple and effective way to improve security is to change the default port number. To do this, you need to edit the SSH configuration file (/etc/ssh/sshd_config) and update the line that specifies the listening port (Port 22).

Choose a random high-numbered port (greater than 1024) and update this value. After updating the configuration file, restart the SSH service using the command −

$ sudo systemctl restart sshd 

Now, when connecting via SSH, use this new port number instead of 22. Keep in mind that when changing ports you will need to update your firewall rules accordingly.

Restricting User Access to Specific IP Addresses

If you only want specific users or hosts to be able to connect via SSH, you can restrict access by IP address. This is done by editing the configuration file (/etc/ssh/sshd_config) and adding a line for each allowed IP address or range of addresses. The format for restricting access by IP address is −

AllowUsers user@ip-address

For example −

AllowUsers john@192.168.1.100

If you want to allow multiple users or hosts, separate them with spaces.

Disabling Root Login via SSH

A common security recommendation is disabling root login over SSH. By default on Debian Linux systems root login over SSH is usually enabled in /etc/ssh/sshd_config file with PermitRootLogin option set as yes which allows root user login directly over ssh connection. Disabling root login helps to prevent brute-force attacks on your server.

To disable root login via SSH, edit the configuration file (/etc/ssh/sshd_config) and update the line that specifies PermitRootLogin (PermitRootLogin no). After updating the configuration file, restart the SSH service using the command −

$ sudo systemctl restart sshd 

Troubleshooting Common Issues with SSH Connection

Common issues faced while connecting via SSH

Connecting to an SSH server can sometimes be a frustrating experience, especially when you encounter common issues that prevent you from accessing your Debian 9 or 10 server. Two of the most common errors are "Permission denied" and "Connection refused". In many cases, these errors are related to either configuration issues on your local computer or the remote server.

Permission denied error message

The "Permission denied" error message appears when you try to connect to an SSH server and the authentication process fails. This error can occur for several reasons, including incorrect login credentials, incorrect file permissions, or incorrect authentication settings. One common cause is using the wrong username when trying to connect.

Make sure you use the correct username for your account on the remote system. Another reason this error might occur is because of file permissions.

Connection refused error message

The "Connection refused" error message usually occurs when there's no server listening at the port number specified in your ssh command. This means that either there is no SSH daemon running on the remote system or it's listening on a different port number than you're connecting to.

Conclusion

Enabling SSH on Debian 9 or 10 is an important step in securing remote access to your server. We have covered the pre-requisites required for enabling SSH and provided a step-by-step guide to enable it. We also discussed advanced configuration options that can be used to further enhance the security of your SSH server.

It is important to remember that while enabling SSH does provide a secure way to remotely access your server, it is still susceptible to attacks if not configured properly. It is recommended that you regularly update your system and keep an eye out for any suspicious activity on your server.