How to remotely manage a Linux server using SSH

SSH stands for Secure Shell. It is a protocol for securely accessing a remote server over a local network or the Internet in order to configure, manage, monitor and troubleshoot it.

In this article, I am going to discuss how you can manage a remote Linux server using SSH.

I executed all the commands on my Debian 10 machines.

Prerequisites

You need to have the following.

  1. Two Debian 10 machines with root access.
  2. The IP address, username and password of the remote computer.
  3. Internet on both machines.

How to install the OpenSSH server

Once you have set up a new Linux machine in your infrastructure, it is important to prepare it for remote access. Therefore, be sure to install OpenSSH on the remote server or computer that you are trying to access.

Before installing the OpenSSH server, run the following command to update the repository.

apt-get update

Wait for the operation to complete.

After updating the repository, run the following command with root privileges to install the OpenSSH server.

apt-get install openssh-server

When asked to confirm, press “y” on the keyboard and wait for the installation to complete. This may take several minutes.

Configure SSH Server Settings

After installing OpenSSH on the server side, we can edit its basic configuration parameters. Open a terminal and run the following command as root.

nano /etc/ssh/sshd_config

The following is an example output.

You can change various parameters in the above file.

By default, SSH listens on port 22. You can select a different port. You can also change the maximum number of sessions (MaxSessions) that can be open at the same time; the default value is 10.

Changing the SSH server port

As we said, the server listens on port 22 by default. If you want to configure your server to listen on a specific port, here is the procedure.

Open a terminal and run the following command as root.

nano /etc/ssh/sshd_config

The file should be open, as shown in the screenshot above.

Locate the line Port 22 or #Port 22 and replace it with the desired port number, without the # sign.

It is recommended that you use a port number from 1024 to 65535, since ports 0-1023 are reserved for specific services.

For example, to assign port 2222, write the following in the SSH configuration file.

Port 2222

The following is an example of output after changing the port number.

[Screenshot: Change SSH Port]

Restart the SSH service by running the following command on the terminal.

service ssh restart

Enabling root login on an SSH server

By default, you cannot directly log in to the SSH server with root privileges for security reasons. If you want to enable this login, you need to make changes to the SSH server configuration file.

Open a terminal and run the following command with root privileges to open the configuration file.

nano /etc/ssh/sshd_config

Add the following line to the authentication block,

PermitRootLogin yes

The following is an example of output after making changes to the configuration file.

[Screenshot: Allow SSH root login]

Restart the SSH service by running the following command on a terminal with root privileges.

service ssh restart

Reducing unsuccessful SSH server login attempts

By default, you can make 6 attempts to log in to the SSH server. Once the number of failures reaches half of that value, additional failures are logged. If you want to change this value, you need to configure the MaxAuthTries parameter in the SSH server configuration file.

Open the SSH server configuration file in a terminal as root, as in the previous sections.

Add the following line (suppose you want to set this value to 1) in the authentication block.

MaxAuthTries 1

The following is an example of output after making changes to the file.

[Screenshot: Set the maximum number of authorization attempts]

Restart the SSH service by running the following command on a terminal with root privileges.

service ssh restart

The following is an example output.

After one failed login, you will receive a "too many authentication failures" error message, as shown in the following screenshot.

Forcing the SSH server to listen on specific IP addresses

By default, the SSH server listens on all IP addresses assigned to the server. However, by making changes to the configuration file, you can force your SSH server to listen on specific IP addresses only. Here is how.

Suppose I have two IP addresses (10.1.1.2 and 10.1.1.3) assigned to my interface, as shown in the following screenshot. I want to make my server listen on the IP address 10.1.1.2.

[Screenshot: Configure IP SSH server listening]

Open a terminal and run the following command with root privileges to open the SSH configuration file.

nano /etc/ssh/sshd_config

Add the following line at the top of the file,

ListenAddress 10.1.1.2

The following is an example of output after making changes to the configuration file.

[Screenshot: Setting IP Listening]

Restart the SSH service by running the following command on the terminal.

service ssh restart

Allow or deny specific users or groups to log in to the SSH server

By default, each user can log in to the SSH server remotely. However, you can allow or deny certain users or groups to log in to the SSH server.

Open a terminal and run the following command with root privileges to open the SSH server configuration file.

nano /etc/ssh/sshd_config

The following is an example output.

[Screenshot: Edit SSHD Config File]

Suppose you want to allow only the user tony to log in to the SSH server remotely, so that no other user can log in. If you list multiple users, they should be separated by a space.

Add the following line to the SSH server configuration file.

AllowUsers tony

The following is an example configuration file after adding a line,

[Screenshot: Allow only specific users to connect to SSH]

Restart the SSH service by running the following command with root privileges on the terminal:

service ssh restart

Similarly, if you want to allow all users to connect to the SSH server remotely but block one or more of them, add a DenyUsers line to the server configuration file. Multiple users must be separated by a space. Suppose I want to block only the user tony; I add the following line to the server configuration file.

DenyUsers tony

The following is an example configuration file after adding the line above.

[Screenshot: Deny Users]

Restart the SSH service by running the following command with root privileges on the terminal.

service ssh restart

In the same way, you can enable and disable user groups to log in to the SSH server by adding the following lines to the configuration file.

AllowGroups 

or

DenyGroups 

If you have several groups to allow or deny, you can separate them with a space.

The combination of allow and deny is processed in the following order.

DenyUsers, AllowUsers, DenyGroups and finally AllowGroups
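The evaluation order above, as an added shell example (not from the original article): every configured list must pass, so a user named in AllowUsers is still rejected if one of their groups is in DenyGroups. The policy, user names and group names are constructed, the function names are hypothetical, and only plain names and the * and ? wildcards are modelled.

```shell
#!/bin/sh
# Added example: a model of how sshd combines the four access directives.
# Assumption: entries are plain names or * / ? wildcards; sshd's USER@HOST
# and negated (!) patterns are not modelled.

DENY_USERS="" ALLOW_USERS="" DENY_GROUPS="" ALLOW_GROUPS=""

# matches_any NAME "PATTERNS": succeeds if NAME matches one listed pattern.
matches_any() {
    set -f                      # do not expand * against file names
    for pat in $2; do
        case $1 in $pat) set +f; return 0 ;; esac
    done
    set +f
    return 1
}

# group_matches "USER_GROUPS" "PATTERNS": succeeds if any group matches.
group_matches() {
    for g in $1; do
        if matches_any "$g" "$2"; then return 0; fi
    done
    return 1
}

# ssh_access USER "USER_GROUPS": prints "allow" or the directive that denies.
# The checks run in sshd's order; the first one that fails ends the evaluation.
ssh_access() {
    if [ -n "$DENY_USERS" ] && matches_any "$1" "$DENY_USERS"; then
        echo "deny: DenyUsers"; return 0
    fi
    if [ -n "$ALLOW_USERS" ] && ! matches_any "$1" "$ALLOW_USERS"; then
        echo "deny: AllowUsers"; return 0
    fi
    if [ -n "$DENY_GROUPS" ] && group_matches "$2" "$DENY_GROUPS"; then
        echo "deny: DenyGroups"; return 0
    fi
    if [ -n "$ALLOW_GROUPS" ] && ! group_matches "$2" "$ALLOW_GROUPS"; then
        echo "deny: AllowGroups"; return 0
    fi
    echo "allow"
}

# Constructed policy: tony is listed in AllowUsers but is in a denied group.
ALLOW_USERS="tony admin*" DENY_GROUPS="contractors"
echo "tony   -> $(ssh_access tony 'tony contractors')"
echo "admin1 -> $(ssh_access admin1 'admin1 sudo')"
echo "alice  -> $(ssh_access alice 'alice sudo')"
```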

Changing the login grace time

By default, you have 2 minutes to log in to the remote server after the SSH connection is opened. If you do not log in within 2 minutes, SSH will disconnect. Here’s how you can change the login grace time.

Open a terminal and run the following command with root privileges to open the server configuration file.

nano /etc/ssh/sshd_config

The following is an example output.

[Screenshot: Change SSH grace time]

Find the following line.

#LoginGraceTime 2m

Replace this line with the desired grace time, say 1 minute. The full line should be

LoginGraceTime 1m

The following is an example configuration file after making changes.

[Screenshot: Set grace time for logging in]

Close the file and restart the SSH service by issuing the following command.

service ssh restart
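To check which values are actually in effect after the edits in the sections above, the following added example (not from the original article) reads a configuration file the way sshd does for single-valued directives: keywords are case-insensitive and the first uncommented occurrence wins. The sample file is constructed, the function names effective and audit are hypothetical, and the defaults compared against are the ones stated in this article.

```shell
#!/bin/sh
# Added example: report the value sshd would use for directives edited above.
# Assumptions: keyword and value are separated by whitespace; only global
# settings are read (parsing stops at the first Match block); for directives
# that may repeat, such as Port, only the first occurrence is shown.

# effective FILE KEYWORD: print the first uncommented value, or nothing.
effective() {
    awk -v kw="$2" '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # ignore per-Match overrides
        tolower($1) == tolower(kw) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit FILE: list directives whose effective value differs from the defaults
# stated in the article (Port 22, MaxSessions 10, MaxAuthTries 6,
# LoginGraceTime 2m) and report whether direct root login is enabled.
audit() {
    for pair in Port=22 MaxSessions=10 MaxAuthTries=6 LoginGraceTime=2m; do
        kw=${pair%%=*} def=${pair#*=}
        val=$(effective "$1" "$kw")
        if [ -n "$val" ] && [ "$val" != "$def" ]; then
            echo "$kw $val (default $def)"
        fi
    done
    if [ "$(effective "$1" PermitRootLogin | tr 'A-Z' 'a-z')" = "yes" ]; then
        echo "PermitRootLogin yes (direct root login enabled)"
    fi
}

# Constructed sample: the later "permitrootlogin no" never takes effect.
cfg=$(mktemp); trap 'rm -f "$cfg"' EXIT
cat > "$cfg" <<'EOF'
#Port 22
Port 2222
PermitRootLogin yes
MaxAuthTries 1
#LoginGraceTime 2m
permitrootlogin no
Match User tony
    MaxAuthTries 3
EOF
audit "$cfg"
```

On the server itself, sshd -t checks the file for syntax errors before you restart the service, and sshd -T prints the effective configuration as sshd parses it.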

How to install the OpenSSH client

The Debian 10 computer that will access the remote computer or server is called the client, and we need to install the OpenSSH client on it.

Open a terminal and run the following command to update the repository.

apt-get update

Wait for the operation to complete.

Once the repository is updated, run the following command to install the OpenSSH client.

apt-get install openssh-client

When asked to confirm, press Y on the keyboard. Installation may take several minutes, so please be patient.

Run the following command on both the client and server to verify that the SSH service is running.

[Screenshot: Install OpenSSH Client]

As soon as SSH is running on both the client and the remote server, we can begin remote management.

Connecting to a Debian 10 Remote Server Using SSH

To connect to a remote Debian 10 computer, you need to have its IP address, username and password.

The following is the complete command syntax if your SSH server is listening on the default port 22.

ssh <username>@<ip-address>

You will be asked to enter the user password, enter it from the keyboard and press Enter.

Suppose the user is tony, and the IP address of the remote computer is 10.1.1.2. Run the following command on the terminal.

ssh tony@10.1.1.2

The following is an example output.

[Screenshot: Connect remotely via SSH]

You should now be connected securely, as shown in the screenshot above.

However, if your SSH server is listening on some other port (suppose 2222), the full command syntax should be as follows.

ssh -p <port> <username>@<ip-address>

Suppose the user is tony, and the IP address of the remote computer is 10.1.1.2. Run the following command on the terminal.

ssh -p 2222 tony@10.1.1.2

[Screenshot: SSH connection]

Conclusion

So this was a Linux Server remote management guide with SSH. I hope you enjoyed it.
