Install SSH Server with openssh-server Software on Linux

How to install openssh-server on Linux-based computers

Beginner

Video Tutorial

Videos can also be accessed from our Full Stack Playlist 1 on YouTube.

Install SSH server with openssh server software on Linux (4:38)

Code Examples and Video Script

Welcome. Today's question: How do you set up SSH on the server side in Linux? The easy way.

I'm Paul, and it's my mission to make difficult concepts easy.

Step 1 - Overview

Here we're starting a journey in Data Science, which is anything but easy, jumping into a topic, SSH (Secure Shell) that also isn't easy. So here we'll keep it simple and hop over to the server to make sure it will respond to SSH requests.

Then I'll summarize what's different between this, the easy way, and the hard way, which we'll cover in later tutorials.

Then in the next tutorial, we'll set up Secure Shell on the client side. Fair enough?

Step 2 - Set up SSH server software the easy way

Okay, so let's connect to the local server by pointing to its IP address and logging in (plus clearing the screen).

login as: paul paul@192.168.0.15's password: The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. Last login: Wed Jan 25 22:46:21 2017 from 192.168.0.5 paul@fullstack:~$ clear

I'm using a Windows client, and also on that client sits a program called PuTTY that allows me to create a window and communicate using the Secure Shell, or SSH protocol. (So my server already has the SSH server software running, or I wouldn't be able to log into it remotely, right ;)

We use commands all the time, and I'll explain each one later, but for those new to Linux, I'll include a summary of commands by using whatis. That way, if I go too fast, you can catch up later.

paul@fullstack:~$ whatis whatis whatis (1) - display one-line manual page descriptions paul@fullstack:~$ uptime -p up 2 weeks, 2 days, 6 hours, 31 minutes paul@fullstack:~$ uptime uptime (1) - Tell how long the system has been running.

The server has been up for over 2 weeks, yeah but how would we know if the SSH server is running? Obviously it is here, but to verify, we could use ps to see running processes.

paul@fullstack:~$ ps -A (several lines trimmed) 30151 ? 00:00:00 sshd 30157 ? 00:00:00 sshd 30158 pts/0 00:00:00 bash 30173 pts/0 00:00:00 ps

This is the server version here, called sshd, the 'd' is for daemon, which is a type of program that runs in the background.

paul@fullstack:~$ apropos ssh authorized_keys (5) - OpenSSH daemon rlogin (1) - OpenSSH client (remote login program) rsh (1) - OpenSSH client (remote login program) slogin (1) - OpenSSH client (remote login program) ssh (1) - OpenSSH client (remote login program) ssh-add (1) - adds private key identifies to the authentication agent ssh-agent (1) - authentication agent ssh-argv0 (1) - replaces the old ssh command-name as hostname handling ssh-copy-id (1) - use locally available keys to authorise logins on a remote machine ssh-keygen (1) - authentication key generation, management and conversion ssh-keyscan (1) - gather ssh public keys ssh-keysign (8) - ssh helper program for host-based authentication ssh-pkcs11-helper (8) - ssh-agent helper program for PKCS#11 support ssh_config (5) - OpenSSH SSH client configuration files sshd (8) - OpenSSH SSH daemon sshd_config (5) - OpenSSH daemon configuration file paul@fullstack:~$ apropos ssh apropos (1) - search the manual page names and descriptions paul@fullstack:~$ clear

This can get confusing quickly, as demonstrated by a listing of SSH programs including the term 'ssh'. Here are the programs associated with the SSH client (at the top), and the sshd daemon (at the bottom). So if you don't have these, then you need to download programs associated with sshd, because some Linux distributions only include the client versions by default.

paul@fullstack:~$ # apt-get install openssh-server

To get them, you'd type apt-get to download, then install the program openssh-server. You will need superuser privileges to run apt-get. (So put sudo at the start of the line. Also, always precede a sudo apt-get install with an sudo apt-get update to make sure you have the latest list of programs and their locations.)

And if this looks odd (the #), I put it all behind a pound (hash) sign, telling Linux to ignore the line and not run it. (This is essentially a comment).

paul@fullstack:~$ # whatis apt-get apt-get (8) - APT package handling utility - - command-line interface

Open SSH is the most frequently used SSH program for Linux. It is packaged with other utilities, which we will cover later.

paul@fullstack:~$ # whatis scp sftp scp (1) - secure copy (remote file copy program) sftp (1) - secure file transfer program

Now, assuming you've got it, you can do the following by typing the full path to stop it, start it and restart it, which you would do, for example, after making changes to configuration files. (Again, you may need superuser privileges to do this.)

paul@fullstack:~$ # /etc/inid.d/ssh stop paul@fullstack:~$ # /etc/inid.d/ssh start paul@fullstack:~$ # /etc/inid.d/ssh restart

(Again, I put it behind the # so it wouldn't execute.)

Step 3 - Review considerations for an SSH server installation

The easy way

Speaking of configuration, let's head into the nano text editor and jot down a few points about the easy way, we're using here. (Here we are changing directories and opening a new text file on one line.)

paul@fullstack:~$ cd notes; nano video0008.txt

First, we're accepting the default configuration, which should offer adequate security for a local systems like here in my office in California.

GNU nano 2.2.6 File: video0008.txt Secure Shell (SSH) The easy way default settings ssh login install maintain The hard way configuration files ssh key login change ports users limiting failed attempts logging warning page tunneling ^G Get Help ^O WriteOut ^R Read File ^Y Prev Page ^K Cut Text ^C Cur Pos ^X Exit ^J Justify ^W Where Is ^V Next Page ^U UnCut Text ^T To Spell

Second, we only used the SSH login method, followed by how to install and maintain sshd.

The hard way

What we will cover in the hard way, in the future, will be how to make this a whole lot more secure. Starting with fine-tuning the configuration files, especially when the server is accessible across the Internet.

We'll talk about using SSH keys that equate to over 600 random characters, making it more difficult for hackers to crack, plus changing ports, specifying users, limiting failed attempts, logging these attempts, displaying a warning page to would-be hackers, and another important concepts for communicating in the cloud, called tunneling.

Step 4 - Up next: SSH on the Client Computer

So this was the easy version of SSH. We'll return to the topic to expand on security, which is a topic nobody seems to feel very confident about.

This is a picture of our in-development Data Science stack. You are welcome to join at any time.

Client : HTML, CSS, JavaScript
Software : Python Scientific Stack
Data : PostgreSQL, MySQL
OS : Linux (command line), Debian

Next we'll cover the SSH client, on Linux, macOS and Windows.

Have a nice day.