How to remotely manage a Linux server using SSH


SSH stands for Secure Shell and is a protocol used to securely access a remote server on a local network or internet for configuration, management, monitoring and troubleshooting, etc.

In this article I am going to discuss how to manage a remote Linux server using SSH.

I’ve executed all of the commands on my Debian 10 machines.

Requirements

You must have the following.

  1. Two Debian 10 machines with root privileges.
  2. An IP address, username, and password of the remote computer.
  3. Internet connection on both machines.

How do I install the OpenSSH server?

After you’ve set up a new Linux machine in your infrastructure, it’s important to prepare it for remote access. To do that, install the OpenSSH server on the remote server or machine that you want to access.

Before installing the OpenSSH server, run the following command to update the repository.

apt-get update

Wait for the process to finish.

After updating the repository, run the following command with root privileges to install the OpenSSH server.

apt-get install openssh-server

When prompted for confirmation, press ‘y’ on your keyboard and wait for the installation to complete. This can take a few minutes.

Configure SSH server settings

After OpenSSH has been installed on the server side, we can edit the basic configuration settings. Open the Terminal and execute the following command with root privileges.

nano /etc/ssh/sshd_config

The following is the sample output.

You can change the various parameters in the above file.

By default, SSH listens on port 22. You can switch to your desired port. You can also change the maximum number of sessions (MaxSessions) that can be established with the server at the same time; the default value is 10.

Change the server’s SSH port

As we discussed, by default the server listens on port 22. If you want to configure your server to listen on a specific port, follow these steps.

Open the Terminal and execute the following command with root privileges.

nano /etc/ssh/sshd_config

A file should open as shown in the screenshot above.

Find the line Port 22 or #Port 22 and enter your desired port number, without the # sign.

It is recommended to use a port number between 1024 and 65535, as ports 0-1023 are reserved for certain services.

Assuming you choose port 2222, write the following to the SSH configuration file.

Port 2222

Below is the sample output after changing the port number.

Restart the SSH service by running the following command on the terminal.

service ssh restart

Activate root login on the SSH server

By default, you cannot log in directly to the SSH server with root rights for security reasons. If you want to enable this login, you have to change the configuration file of the SSH server.

Open the terminal and run the following command with root privileges to open the configuration file.

nano /etc/ssh/sshd_config

Add the following line to the authentication block,

PermitRootLogin yes

Below is the sample output after changes have been made to the configuration file.

[Screenshot: Allow SSH root login]

Restart the SSH service by running the following command on the terminal with root privileges.

service ssh restart

Reduce the number of failed login attempts on the SSH server

By default, you can make 6 attempts to log into the SSH server. As soon as the value reaches half of 6, additional login errors are logged. If you want to change this value, you have to adjust the parameter MaxAuthTries in the SSH server configuration file.

Open the Terminal and execute the following command with root privileges.

nano /etc/ssh/sshd_config

Add the following line (assuming you want to set this value to 1) in the authentication block.

MaxAuthTries 1

Below is the sample output after changes have been made to the file.

[Screenshot: Configure maximum authentication attempts]

Restart the SSH service by running the following command on the terminal with root privileges.

service ssh restart

Below is the sample output.

After a single login failure, you will get a message about too many authentication failures as shown in the following screenshot.

Force the SSH server to listen on certain IPs

By default, the SSH server listens on all IP addresses assigned to the machine. However, by making changes to the configuration file, you can force your SSH server to listen only on certain IPs. Here’s how.

Suppose I assigned two IP addresses (10.1.1.2 and 10.1.1.3) to my interface as shown in the following screenshot. I want to force my server to listen only on the 10.1.1.2 IP address.

[Screenshot: Configure the listen IP of the SSH server]

Open the terminal and run the following command with root privileges to open the SSH configuration file.

nano /etc/ssh/sshd_config

At the beginning of the file add the following line,

ListenAddress 10.1.1.2

Below is the sample output after changes have been made to the configuration file.

[Screenshot: Configure the listen IP address]

Restart the SSH service by running the following command on the terminal.

service ssh restart

Allow or deny specific users or groups to log into the SSH server

By default, any user can log in to the SSH server remotely. However, you can allow or deny specific users or groups to log into the SSH server.

Open the terminal and run the following command with root privileges to open the SSH server configuration file.

nano /etc/ssh/sshd_config

Below is the sample output.

[Screenshot: Edit the SSHD configuration file]

Suppose you only want to allow the user ‘tony’ to log into the SSH server remotely. No other user can log into the SSH server. If you have multiple users, they should be separated by a space.

Add the following line to the SSH server configuration file.

AllowUsers tony

Below is the sample configuration file after adding the line,

[Screenshot: Allow only certain users to connect using SSH]

Restart the SSH service by running the following command with root privileges on the terminal:

service ssh restart

If you want to allow all users to connect remotely to the SSH server but deny one or more users, add a DenyUsers line to the server configuration file. Multiple users should be separated by spaces. Assuming I just want to deny the ‘tony’ user, add the following line to the server configuration file.

DenyUsers tony

Below is the sample configuration file after adding the above line.

[Screenshot: Deny user]

Restart the SSH service by running the following command with root privileges on the terminal.

service ssh restart

Similarly, you can allow or deny groups of users to log into the SSH server by adding the following lines to the configuration file.

AllowGroups <groupname>

or

DenyGroups <groupname>

If you want to allow or deny multiple groups, you can separate them with spaces.

The combination of allow and deny is processed in the following order.

DenyUsers, AllowUsers, DenyGroups, and finally AllowGroups
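The processing order above, worked through as an added example (not part of the original article): a small shell model of how the four lists combine, using constructed users, groups and list values. It matches names with shell patterns only and does not model the USER@HOST form that sshd also accepts.

```shell
#!/bin/sh
# Constructed policy for illustration; an empty list means "directive not set".
DENY_USERS="mallory"
ALLOW_USERS="tony admin*"
DENY_GROUPS="contractors"
ALLOW_GROUPS=""

# in_list NAME "PATTERN ...": succeed if NAME matches one space-separated pattern.
in_list() {
    name=$1
    set -f                      # do not expand * against file names
    for pat in $2; do
        case $name in $pat) set +f; return 0 ;; esac
    done
    set +f
    return 1
}

# ssh_access USER "GROUP ...": print allow or deny, checking the lists in the
# order DenyUsers, AllowUsers, DenyGroups, AllowGroups.
ssh_access() {
    user=$1 grps=$2
    in_list "$user" "$DENY_USERS" && { echo deny; return; }
    # Once AllowUsers is set, every user not listed is refused.
    if [ -n "$ALLOW_USERS" ] && ! in_list "$user" "$ALLOW_USERS"; then
        echo deny; return
    fi
    for g in $grps; do
        in_list "$g" "$DENY_GROUPS" && { echo deny; return; }
    done
    # Once AllowGroups is set, the user needs at least one listed group.
    if [ -n "$ALLOW_GROUPS" ]; then
        for g in $grps; do
            in_list "$g" "$ALLOW_GROUPS" && { echo allow; return; }
        done
        echo deny; return
    fi
    echo allow
}

echo "tony (staff):             $(ssh_access tony 'staff')"
echo "tony (staff contractors): $(ssh_access tony 'staff contractors')"
echo "bob (staff):              $(ssh_access bob 'staff')"
```

The second case is the one to notice: a user named in AllowUsers is still refused when one of their groups is in DenyGroups, because a match in any deny list ends the evaluation.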

Change the grace period for login

By default, after opening an SSH connection you have 2 minutes to log in to the remote server. If you do not log in within 2 minutes, the SSH connection is terminated. Here’s how you can change the login grace period.

Open the terminal and run the following command with root privileges to open the server configuration file.

nano /etc/ssh/sshd_config

Below is the sample output.

[Screenshot: Change grace period for SSH login]

Find the following line,

#LoginGraceTime 2m

Replace this line with your desired grace period, say 1 minute. The complete line should be

LoginGraceTime 1m

Below is the sample configuration file after making changes.

[Screenshot: Configure grace period for login]

Close the file and restart the SSH service by running the following command.

service ssh restart
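A check worth making after following the "add the following line" steps above, shown as an added example (not from the original article): sshd uses the first value it reads for a single-valued keyword, so a line appended below an existing uncommented directive has no effect. The sample configuration is constructed, and the helper names effective_value and shadowed_values are hypothetical; the parser assumes whitespace-separated keywords and only reads the global section before any Match block.

```shell
#!/bin/sh
# Constructed sample: directives were appended below existing uncommented ones.
sample_config() {
cat <<'EOF'
# constructed sample, not a real server's file
#PermitRootLogin prohibit-password
PermitRootLogin no
MaxAuthTries 6
LoginGraceTime 1m
AllowUsers tony
# lines appended later at the end of the file:
PermitRootLogin yes
MaxAuthTries 1
Match User backup
    MaxAuthTries 3
EOF
}

# effective_value KEYWORD: print the value sshd would use, i.e. the first
# uncommented occurrence in the global section of the config on stdin.
effective_value() {
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        tolower($1) == "match"   { exit }     # global section ends here
        tolower($1) == tolower(key) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }'
}

# shadowed_values KEYWORD: print later global values of KEYWORD that are ignored.
shadowed_values() {
    awk -v key="$1" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        tolower($1) == "match"   { exit }
        tolower($1) == tolower(key) {
            if (seen++) { $1 = ""; sub(/^[ \t]+/, ""); print }
        }'
}

for k in PermitRootLogin MaxAuthTries LoginGraceTime; do
    printf '%s = %s (ignored later values: %s)\n' "$k" \
        "$(sample_config | effective_value "$k")" \
        "$(sample_config | shadowed_values "$k" | tr '\n' ' ')"
done
```

On a real server, sshd -T prints the configuration the daemon will actually use and sshd -t checks the file for errors; running both before service ssh restart helps avoid losing access to a remote machine.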

How to install the OpenSSH client

The Debian 10 machine that will access the remote machine or server is called the client, and we need to install the OpenSSH client on it.

Open the terminal and run the following command to update the repository.

apt-get update

Wait for the process to finish.

Once the repository is updated, run the following command to install the OpenSSH client.

apt-get install openssh-client

When prompted for confirmation, press Y on the keyboard. Installation may take a few minutes, so please be patient.

Run the following command on both the client and the server to confirm that the SSH service is running.

[Screenshot: Install the OpenSSH client]

Once SSH is running on both the client and the server on a remote computer, we can begin remote administration.

Connect to a remote Debian 10 server using SSH

To connect to the remote Debian 10 machine, you need its IP address, username and password.

The following is the full syntax of the command when your SSH server is listening on standard port 22.

ssh <username@IP-address>

You will be prompted to enter a user password, type it using the keyboard, and press Enter.

For example, suppose the user is Tony and the IP address of the remote machine is 10.1.1.2. Run the following command on the terminal.

ssh tony@10.1.1.2

Below is the sample output.

[Screenshot: Remote connection via SSH]

You should now be securely connected as shown in the screenshot above.

However, if your SSH server is listening on a different port (say 2222), the full syntax of the command should be as follows.

ssh -p <port> <username@IP-address>

For example, suppose the user is Tony and the IP address of the remote machine is 10.1.1.2. Run the following command on the terminal.

ssh -p 2222 tony@10.1.1.2

[Screenshot: SSH connection]

Conclusion

So that was the tutorial on how to remotely manage a Linux server using SSH. I hope you liked it.
