How to Enable SSH on Debian 12

March 20, 2024

Home » SysAdmin » How to Enable SSH on Debian 12

Introduction

SSH (Secure Shell) is a cryptographic network protocol that allows secure communication between two computers over an unsecured network.

SSH provides a secure way to access a Debian system remotely over a network. It encrypts the communication between the client and the server, protecting sensitive information such as passwords and data transferred over the network.

The following text will show you how to enable SSH on Debian 12.

Prerequisites

An SSH server and a client (this tutorial uses Debian 12 for the server).
sudo privileges for each system.
Access to the terminal.

How to Enable SSH on Debian

A secure connection is important when connecting remotely. Otherwise, the machine's security is compromised. The following five steps explain how to enable SSH and establish a secure connection on Debian.

Step 1: Update the Package Manager

Before installing new software, update the software repository list on both machines with the following command:

sudo apt update

sudo apt update terminal output on server machine

The output for the server machines shows the update process. The same process happens on the client's computer.

Step 2: Install SSH Server

On the system that acts as a server, run the following command:

sudo apt install openssh-server

sudo apt install openssh-server terminal output

Once the installation completes, check the SSH service status with the following command:

sudo systemctl status ssh

sudo systemctl status ssh terminal output

The system confirms the SSH service is running.

Step 3: Start and Stop the SSH Server

In case the SSH status is not active, start the service with:

sudo service ssh start

The command has no output. To stop the SSH host server, enter the following:

sudo service ssh stop

The command shows no output. However, if you check the service status, the system indicates the SSH is inactive and shows the exact date and time it stopped.

sudo systemctl status ssh inactive terminal output

The service will be stopped only until the next reboot. To turn off SSH indefinitely, enter:

sudo systemctl disable ssh

sudo systemctl disable ssh terminal output

To enable the SSH service again, run:

sudo systemctl enable ssh

sudo systemctl enable ssh terminal output

Step 4: Get Your Server IP Address

When configuring a server locally, use the terminal to find your IP address with the ip command:

ip a

The 192.168.0.31 private IP address is associated with the network interface enp0s3. This interface is typically used for communication with other devices on the network.

Note: If you're connecting from outside the local network, determine the public IP address of the machine you want to connect to. To find it, use curl ifconfig.me.

Step 5: Install SSH Client Service

By default, most Linux systems have the SSH client installed. If yours doesn't, enter the following command in the client machine terminal:

sudo apt install openssh-client

How to Connect to a Server Using SSH

Once both the client and the server machine are set up, connect to the server from the client machine using SSH via the following command:

ssh UserName@IPAddressOrHostname

The command consists of:

ssh. The primary command-line tool for SSH connections.
UserName. The username used to log in to the remote machine. Replace with the authorized user username on the server machine. In this example, it's sara.
IPAddressOrHostname. The IP address, domain, or hostname of the remote machine you want to connect to. This example uses the IP address 192.168.0.31.

Therefore, in this example, the command is:

ssh sara@192.168.0.31

The remote system prompts for a password. Once completed, the terminal changes to username@hostname (in this case, sara@pnap), indicating the commands you run are being executed on the remote server.

How to Configure Firewall for SSH

Configuring the firewall for SSH is an essential step when enabling SSH because it ensures SSH traffic is allowed through the firewall. In some cases, firewalls block incoming connections to the system as a security measure. Therefore, to allow SSH connections from other machines, configure the firewall to permit SSH traffic.

To allow SSH access, use the command:

sudo ufw allow ssh

When you run this command on the server machine, it adds a rule to the UFW firewall configuration that permits incoming SSH traffic on the default SSH port (TCP port 22). This allows clients to connect to the SSH server running on the server machine.

Port Forwarding

To enhance security when accessing an SSH server from outside your local network, configure port forwarding using the firewall or router settings. Port forwarding lets external traffic access services on the private network by directing incoming traffic from a router's specific port to a corresponding port on a local machine.

For detailed instructions, refer to the firewall or router documentation.

Note: By default, SSH uses port 22 for communication. You can configure a firewall or router to accept SSH traffic on a different port. This is a helpful solution when opening up your server to the internet traffic. Changing the port restricts access to only those who know the correct port, thereby limiting unauthorized connections.

Conclusion

By following the steps outlined in this article, you have successfully enabled an SSH connection on Debian. You can now connect to a remote host securely and continue to manage your servers in a safe environment.

Next, learn about ten SSH commands in Linux.

Was this article helpful?

YesNo

X (Twitter) Facebook LinkedIn Email

Vladimir Kaplarevic

Vladimir is a resident Tech Writer at phoenixNAP. He has more than 7 years of experience in implementing e-commerce and online payment solutions with various global IT services providers. His articles aim to instill a passion for innovative technologies in others by providing practical advice and using an engaging writing style.

Next you should read