Sidee si loo soo dajiyo iyo reserved server Ssh on Debian Linux?

Ku xiridda iyo jirrabaya Server Ssh ah

You will need to be root to do the following

su

  1. Ku rakib Server Ssh

    apt install openssh-server
     

  2. Hubi haddii nidaamka server ka jirta. Tani waxay muujinaysaa ku rakib si fiican u baxay.

    ps -A | grep sshd

    Output (ama la mid ah): 1753 ? 00:00:00 sshd

     

  3. Ku rakib Client Ssh si loo hubiyo xidhiidh Server Ssh ah

    apt install openssh-client

    Connect in localhost si ay u tijaabiso xiriir

    ssh localhost

    Sidoo kale login cinwaanka IP interface ah

    Hel IP Address

    ip addr

    Ssh cinwaanka IP

    ssh {ipaddress here}
     

Securing the SSH Server

It is a good idea to secure the SSH server by disallowing root to login and configuring login only by public key i.e. login using passwords is not allowed

Ensure to execute the following commands as your user and not as root

  1. Navigate to the user home directory

    cd
     

  2. Check if .ssh exists

    ls -a
     

  3. If .ssh does not exist, create it

    mkdir .ssh
     

  4. Set the folder permission to 700

    chmod 700 .ssh
     

  5. Create the authorized_keys file

    touch ./.ssh/authorized_keys
     

  6. Change permission on the authorized_keys file to 600

    chmod 600 ./.ssh/authorized_keys
     

  7. Open the authorized_keys file

    nano ./.ssh/authorized_keys
     

  8. Paste your public key into the file

    You can get your public key from the SSH client. If the client is Windows 10 then it will be in the %USERPROFILE%/.ssh/id_rsa.pub file. If the client is Debian then the public key is ~/.ssh/id_rsa.pub.

    If your public key does not exist, generate it on the client machine

    ssh-keygen -t rsa -C "email@domain.com"
     

  9. Change to root user

    su

  10. Configure your SSH server to accept only public key logins and prevent login for root

    nano /etc/ssh/sshd_config

    Uncomment and/or edit the following lines

    PermitRootLogin no
    StrictModes yes
    PubkeyAuthentication yes
    AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2
    PasswordAuthentication no
     

  11. Restart the sshd service

    service sshd restart
     

  12. Try logging in as root from your SSH client using password

    ssh root@{ssh server ip address}

    Output: Permission denied (publickey).

     

  13. Try logging in as username from your SSH client using password

    ssh username@{ssh server ip address}

    Output: Permission denied (publickey).

     

  14. Try logging in as root from your SSH client using the public key

    ssh root@{ssh server ip address} -i .ssh/id_rsa

    Output: Permission denied (publickey).

     

  15. Log in as username from your SSH client using the public key

    ssh username@{ssh server ip address} -i .ssh/id_rsa
     

If your SSH client has a static IP address then you may want to consider only your IP address can login to the SSH server.

Leave a Reply