Configuring SSH Server
Guide for learning how to setup and configure SSH server on Linux (debian).
Getting Started
Install SSH Server
1
sudo apt install openssh-server
Server Config
Located at /etc/ssh/sshd_config, this file contains configuration settings for your SSH server.
If anything in here is changed, the SSH server daemon needs to be restarted:
1
sudo systemctl restart ssh
Connection Banner
This is displayed when you attempt to SSH to a server. This is shown before you authenticate.
- Open
/etc/ssh/sshd_config. - Add Banner file location:
1 2 3 4
------ #Banner none Banner /etc/ssh/welcome_banner -------
- Restart SSH server daemon.
1
sudo systemctl restart ssh
Login Welcome Message
This is the message that is shown after you successfully login. Edit the /etc/motd file to display your custom text.
Passwordless SSH Authentication
Enable Passwordless Authentication
Update the following line in /etc/ssh/sshd_config:
1
PubkeyAuthentication yes
Restart SSH server daemon:
1
sudo systemctl restart ssh
(Optional) Disable Password Authentication
Update the following line in /etc/ssh/sshd_config:
1
PasswordAuthentication no
Creating SSH Key Pairs
Choose one of the following methods:
1
2
3
4
ssh-keygen -t rsa -b 4096
ssh-keygen -t dsa
ssh-keygen -t ecdsa -b 521
ssh-keygen -t ed25519
dsais supported, but not recommended.
Authorized Keys
The /home/USER/.ssh/authorized_keys file on an SSH server contains a list of the public keys that can be used to log into the server. To login, the corresponding private must be used. This file can changed via the server config file if desired.
SSH Private Keys
Private keys are normally stored in the /home/USER/.ssh/ directory. These are used to connect to an SSH Server.
Private keys must have the permission 600, otherwise the key may be rejected.
Update permissions using the following command:
1
chmod 600 PRIVATE_KEY_FILE