How to Set Up and Secure Your First SSH Server on Linux Setting up a Secure Shell (SSH) server turns a standard Linux machine into a powerful, remotely manageable resource. Whether you are managing a home lab or configuring a cloud instance, SSH allows you to execute commands securely across an unencrypted network.
However, exposing an SSH service to the internet means facing immediate automated brute-force attacks. This step-by-step guide covers how to install the OpenSSH server and harden its configuration to protect your infrastructure. Part 1: Installing OpenSSH Server
Most modern Linux systems come equipped with an SSH client, but you must manually install the server daemon (sshd). On Debian / Ubuntu Systems
Update your system packages and install openssh-server using the Ubuntu Package Manager: sudo apt update sudo apt install openssh-server -y Use code with caution. On RHEL / CentOS / Fedora Systems
Install the OpenSSH package using the Fedora DNF Package Manager: sudo dnf install openssh-server -y Use code with caution. Enable and Verify the Service
Once installed, use systemctl to start the service and configure it to launch automatically whenever the machine boots: sudo systemctl enable sshd –now sudo systemctl status sshd Use code with caution. Look for an active (running) status in the command output. Part 2: Hardening Your SSH Configuration
The default configuration of OpenSSH functions adequately but exposes your server to significant security vectors. To configure security parameters, modify the main configuration file at /etc/ssh/sshd_config.
Before altering anything, back up the original configuration: sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak Use code with caution. Open the file with an editor like nano: sudo nano /etc/ssh/sshd_config Use code with caution.
Update or add the following directives into the file to significantly tighten your host security: 1. Disable Root Logins
The root user is the primary target for automated scripts. Forcing administrative access through a standard user via sudo adds a critical layer of access control. the basics of secure shell (ssh)
Leave a Reply