Today I will show you how to install and configure SSH on your Linux server machine. We need to install the OpenSSH server first in order to work with SSH. The installation process differs from one distro to another.

Open terminal and become root:

su -

For Debian based distros like Ubuntu/Debian:

apt-get install openssh-server

For RPM based distros like openSUSE:

zypper install openssh-server

Now it is time to start the SSH server:

/etc/init.d/ssh start

The above command also needs root privileges; run it after the SSH server has been installed.

Now we need to apply some security measures to reduce the risk. Simply open the sshd_config file and edit the settings below.

vim /etc/ssh/sshd_config

Now we are in the file. Before proceeding further, let me give some hints on how to work in Vim.

Hints for Vim, once the file is open:

  • To write anything, press the INSERT key on the keyboard.
  • After writing and checking what you wrote, press the ESC key to exit writing mode.
  • To save the changes, hold the SHIFT key and press Z twice, and you are done.

Now back to the file. These are the things we need to change for security reasons.

Search for PermitRootLogin (without quotes) and change yes to no, like this:

From,

PermitRootLogin yes

To,

PermitRootLogin no

This is because we don't need the root user to access the server directly; most attackers use root as the user ID when trying to hack a server. The advantage is that you log in to the server as a normal user, become root once you are in, and exit when the work is done. By adding this to your security measures you close one door to attackers.

Now it is time to change the port from the default 22 to some high number. Pick anything you have in mind, but it should not be simple to guess. Search for the Port keyword and change the number to any number between 5000 and the maximum port number. It is a known fact that lots of individuals scan for the default ports (in the lower range) and then try different algorithms to log in using lists of different user names.

After changing the port, you may need to change your router so that it allows external connections to reach your server on the new port. Sometimes this is needed and sometimes not; it depends on how you configured your router before.

The last and most important one: search for the word AllowUsers (without quotes) near the end of the file. If it is not there, you can add it at the end of the file.

AllowUsers jelly bobwill arif

In the above line, three users are able to access the machine; you can add more users separated by spaces. This provides more security because only the user names specified here are checked; all other user names are ignored, including root.

There are more security measures as well, but these will make sure that your server is safe from attackers trying to gain access to it.
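
Before restarting, the three edits above can be checked with a small script. This is an added example, not part of the original tutorial; the function names and the sample file are made up for illustration, and it assumes the config has no Match blocks or Include lines.

```shell
#!/bin/sh
# Added example: audit the three sshd_config settings this tutorial changes.
# Assumption: the file has no Match blocks or Include lines.

# Print every value given for keyword $1 in file $2, one per line.
# Keywords are case-insensitive and '#' starts a comment.
sshd_values() {
    awk -v key="$1" '
        { sub(/#.*/, "") }
        tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print }
    ' "$2"
}

# Audit file $1: print one OK/FAIL line per check, return the FAIL count.
audit_sshd_config() {
    cfg=$1; fails=0
    # sshd uses only the first PermitRootLogin line it reads.
    root=$(sshd_values PermitRootLogin "$cfg" | head -n 1 | tr '[:upper:]' '[:lower:]')
    # Port and AllowUsers may repeat; sshd adds every line to its list.
    ports=$(sshd_values Port "$cfg" | paste -s -d ' ' -)
    users=$(sshd_values AllowUsers "$cfg" | paste -s -d ' ' -)

    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${root:-unset}', want 'no'"; fails=$((fails + 1)); fi

    case " ${ports:-22} " in
        *" 22 "*) echo "FAIL sshd still listens on the default port 22"; fails=$((fails + 1)) ;;
        *) echo "OK   Port $ports" ;;
    esac

    case " $users " in
        "  ") echo "FAIL AllowUsers is not set"; fails=$((fails + 1)) ;;
        *" root "*) echo "FAIL AllowUsers lists root"; fails=$((fails + 1)) ;;
        *) echo "OK   AllowUsers $users" ;;
    esac
    return "$fails"
}

# Constructed sample: the relevant lines after the edits described above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#Port 22
Port 5022
PermitRootLogin no
AllowUsers jelly bobwill arif
EOF
audit_sshd_config "${1:-$sample}" || echo "Fix the FAIL lines before restarting sshd."
rm -f "$sample"
```

Pass /etc/ssh/sshd_config as the first argument to check the real file. Running sshd -t as root additionally checks the file for syntax errors, so a typo does not lock you out after the restart.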

Now it is time to restart the SSH server:

/etc/init.d/ssh restart

If you want to stop the server, the command is:

/etc/init.d/ssh stop

You can now try to log in to your server through SSH from remote machines.