×

This article covers how to install and Enable SSH service on Debian 9 system. In short, SSH stands for Secure Shell. SSH is used for connecting to a remote computer accessing files and perform administrative tasks. You can now login remotely to your server using any SSH client from Linux or Windows system. To increase security of SSH connection by Changing default SSH port to custom one on you system. Get more details about SSH server from official SSH site.


How to Install SSH Server ?

On the system that acts as a server, run the following command:

$ sudo apt install openssh-server

You can check the status of the SSH service with the following command:

$ sudo systemctl status ssh

The system confirms that the SSH service is running.



This article covers how to enable ssh passwordless login using ssh-keygen and ssh-copy-id. In fact, SSH (Secure SHELL) can be used to transfer files from one computer to another computer over the network using a secure copy (SCP) Protocol.

ssh-keygen creates the public and private keys. ssh-copy-id copies the local-host's public key to the remote-host's authorized_keys file. ssh-copy-id also assigns proper permission to the remote-host's home, ~/.ssh, and ~/.ssh/authorized_keys.



This article covers how to install Fail2ban and protect SSH from illegitimate attempts. For webmasters or anyone managing Linux server that is accessible over the Internet, the risks of the server being compromised is high, so implementing best security practices to help mitigate these attacks should be a priority. In fact, Fail2ban is a tool that help protect Linux servers from brute force and other automated attacks by monitoring the services logs for malicious activity. It uses regular expressions to scan the server's logs for malicious attempts and bans offending IPs for a specific length of time using the system's firewall.


How to Install Fail2ban on any Linux system ?

Fail2ban packages are automatically included in Ubuntu repositories. To install it, simply run the commands below:

$ sudo apt update
$ sudo apt install fail2ban

Once the installation is complete, the service should automatically start up and ready to be configured.

To check if the service is up and operational, run the commands below:

$ sudo systemctl status fail2ban



This article covers how to install ImageMagick on the CentOS machine via different methods. Infact, ImageMagick provides a graphical interface for working with images, it also provides commands to resize an image, blur, crop, draw on, flip, join, re-sample, and much more.



This article covers how to define a new UFW rule for limiting SSH access on your Linux Mint 20 system. In fact, UFW, short for "uncomplicated firewall", is a frontend for the more complex iptables utility. It's designed to make managing a firewall as simple as setting ports to be open and closed, and regulating what traffic is allowed to go through.


How to install UFW on Ubuntu / Debian ?

UFW is installed by default in Ubuntu, but if it's not you can install it from apt:

$ sudo apt-get install ufw

If you're running another distro, you'll have to use that distro's package manager, but UFW is widely available. You can check the status of the firewall with:

$ sudo ufw status



This article covers different methods of checking if SSH is running on your Linux Mint 20 system or not. Enabling SSH on Ubuntu is one of the tasks to do after the fresh installation of OS and helps you to connect your system remotely and perform tasks securely.


How to Allow SSH in Firewall ?

You may need to allow SSH incoming connections in firewall. So, use the below command to create a rule in UFW to allow SSH connections from external machines.

$ sudo ufw allow ssh
$ sudo ufw enable
$ sudo ufw reload


How to Disable SSH on Ubuntu / Linux Mint / Debian ?

For any reason you want to disable SSH on your system, you can just stop the SSH service by running the below command:

$ sudo systemctl stop ssh

Also, you need to disable the SSH service so that it doesn't start on system reboot:

$ sudo systemctl disable ssh



This article covers how to enable SSH on a CentOS machine and connect to it using a client machine. If you want to make your remote access secure, Read our post on the Best Ways to Secure Your SSH Server.

SSH provides the ability to transfer files between remote systems. When a user logs into a remote system using SSH, they receive a command prompt allowing them to enter commands on the remote system as if they were sitting at the remote system and had opened a terminal session.


How to Install OpenSSH Server Software Package ?

Enter the following command from your terminal to start the installation process:

$ sudo yum –y install openssh-server openssh-clients

This command installs both the OpenSSH client applications, as well as the OpenSSH server daemon, sshd.



This article covers methods of hardening SSH servers that help to avoid different security risks. With the advancements in technology, many business processes we carry out today heavily relies on the internet, online tools and connected devices. That is why taking the necessary precautions to ensure the network security has utmost importance. If an organization fails to secure their network, they are open to cyber attacks which can result in data breaches, losing digital assets, losing business and even going out of business.


How to secure SSH ?

If you want to make sure that your SSH server is impenetrable and secure, you should follow the steps below:

  • Set a custom SSH port. By default, SSH is set to be listening on port 22. Unfortunately, almost all cyber attackers know that. That is why changing it to something random like Port 821 offers an additional layer of security by obscurity.
  • Employ TCP wrappers. TCP Wrappers offer a host-based ACL protection that will allow you to sort out and filter who is able to access the SSH server.
  • Disable root login. Another default setting of the SSH server is that it allows root login on Unix and Linux operating systems. Since this feature can easily be exploited by the cyber attackers, we advise you to disable it.
  • Disable empty passwords. Again, in Unix and Linux operating systems, SSH server allows the users to create empty passwords which practically mean keeping the door open for intruders. Make sure that no user opts for an empty password by disabling the option.
  • Block SSH brute force attacks. In order to do so, you can opt for manually going through the system logs, detect the intruders and block them by using the firewall. Another (and much easier) method is using tools like Fail2ban, SSHGuard and such.



This article covers different ways of keeping SSH sessions alive and preventing them from needlessly timing out. These are handy tips that you can use especially when there are no associated risks with someone taking over your SSH session when you are away. SSH sessions will timeout and the client will automatically be disconnected from the server after being idle or inactive for a while. 


To Avoid SSH timeout from the server:

1. Edit SSHd configuration file using your favorite editor,

$ sudo vi /etc/ssh/sshd_config

2. Set these options as the followings:

TCPKeepAlive no 
ClientAliveInterval 30
ClientAliveCountMax 240

Here, the server will not send the TCP alive packet to check if the client's connection is working, yet will still send the encrypted alive message every 30 seconds. It will only disconnect after at least 2 hours of inactivity. 



This article covers how to change the ssh port on Ubuntu Linux server. You can easily change the SSH Port for Your Linux server. For better security, consider using SSH passwordless authentication with SSH public/private key pair.

The ssh port defined in sshd_config file. This file located in /etc/ssh/sshd_config location.

To open the new port run the following commands on Fedora/CentOS/RHEL/Oracle Linux using FirewallD:

$ sudo firewall-cmd --permanent --zone=public --add-port=2222/tcp
$ sudo firewall-cmd --reload


How to Restart the sshd service ?

Type the following command on a CentOS/RHEL/Fedora Linux:

$ sudo service sshd restart

OR if you are using CentOS/RHEL/Fedora Linux with systemd:

$ sudo systemctl restart sshd

OR if you are using Ubuntu/Debian/Mint Linux:

$ sudo service ssh restart

OR if you are using Ubuntu/Debian/Mint Linux with systemd:

$ sudo systemctl restart ssh

Or if you are using FreeBSD Unix, enter:

$ sudo service sshd restart



This article covers how to Install putty on CentOS 8. With putty, you can easily connect your Linux system to a remote system. Putty is a free and open source ssh & telnet client. Putty is available for Windows, Linux, Unix and macOS. Using putty, we can access the remote servers and switches over ssh protocol. It can also be used to take serial console of remote systems.


How to perform Putty Installation on CentOS / RHEL / Fedora ?

Putty package is available in the default CentOS and RHEL repositories. So, to install putty run:

$ sudo yum install putty -y

Or

$ sudo dnfs install putty -y



This article covers how to create a new SSH key pair and set up an SSH key-based authentication. You can set up same key to multiple remote hosts on CentOS system. Also, you will learn how to disable SSH password authentication.

SSH, or secure shell, is an encrypted protocol used to administer and communicate with servers. When working with a CentOS server, chances are, you will spend most of your time in a terminal session connected to your server through SSH.

SSH keys are typically configured in an authorized_keys file in . ssh subdirectory in the user's home directory. Typically a system administrator would first create a key using ssh-keygen and then install it as an authorized key on a server using the ssh-copy-id tool.

The public key should be stored in the ~/. ssh/authorized_keys file on the server.


To Create the RSA Key Pair:

1. Execute the command below to create a key pair on the client machine (usually your computer):

$ ssh-keygen

2. Press ENTER to save the key pair into the .ssh/ subdirectory in your home directory, or specify an alternate path.


Best Practices to improve SSH Key Security:

  • Discover all SSH Keys and Bring Under Active Management.
  • Ensure SSH Keys Are Associated With a Single Individual.
  • Enforce Minimal Levels of User Rights Through PoLP.
  • Stay Attentive to SSH Key Rotation.
  • Eliminate Hardcoded SSH Keys.
  • Audit All Privileged Session Activity.



This article covers how to install and Enable SSH service on Ubuntu 18.04 system. You can now login remotely to your server using any SSH client from Linux or Windows system. To increase security of SSH connection by Changing default SSH port to custom one on you system. Get more details about SSH server from official SSH site.

When establishing a remote connection between a client and a server, a primary concern is ensuring security. For Linux users, the best practice of accessing and managing your server remotely is through the cryptographic protocol known as Secure Shell (SSH).


How to Enable SSH on Ubuntu ?

1. To install SSH, first update the package repository cache with:

$ sudo apt-get update

2. Now install the OpenSSH software package by entering:

$ sudo apt-get install openssh-server

If prompted, type in your password and press y (yes) to permit the installation.

3. To verify the installation was successful and SSH is running use the command:

$ sudo service ssh status

The confirmation message that you are looking for is: Active: active (running).



This article covers how to change SSH port on your Linux system. SSH (Secure shell) is a cryptographic network protocol used to connect to a remote server securely and it transfer the data in encrypted form between the host and the client.

The default TCP port for SSH is 22, and by changing this default port to the other, it can prevent automated bots and malicious users from being brutally forced into the server.

Before changing the default SSH port number, can check the current port with the below command:

# netstat -ntlp | grep ssh


To change the SSH port:

1. Open the main SSH daemon configuration file /etc/ssh/sshd_config:

# vi /etc/ssh/sshd_config

2. Now search line begins with Port 22 and add hashtag (#) in front of that line. 

3. Then add a new Port line below with the custom port.

Note: Replace the sample port number with the custom port number that needs to be set.

4. Save and exit.


How to Restart the SSH daemon for the changes to take effect ?

Run the below commands to restart the SSH daemon and verify that the port changed:

# systemctl restart sshd
# netstat -ntlp | grep ssh



This article covers how to create a new SSH key pair and set up an SSH key-based authentication. You can set up same key to multiple remote hosts. Also, you will learn how to disable SSH password authentication. SSH stands for Secure Shell and works as a method to establish remote connections between computers. SSH is usually used to log in and manage a remote server.

SSH key pairs can be used to authenticate a client to a server. The client creates a key pair and then uploads the public key to any remote server it wishes to access. This is placed in a file called authorized_keys within the ~/. ssh directory in the user account's home directory on the remote server.


To Disable Password Authentication:

Disabling password authentication is a security precaution. It prevents brute-force attacks against attempting to log in to the server.

1. Start by logging into the remote server:

$ ssh user@hostname

2. Next, edit the sshd_config file in a text editor of your choice (we are using nano):

$ sudo nano /etc/ssh/sshd_config

3. Find and modify the following lines to look as follows:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

4. Write the changes, then exit the editor. Restart the SSH service by entering the following:

$ sudo systemctl restart ssh



This article covers how to enable and disable root user account in Ubuntu system. Considered the most privileged account on a Unix system, root can perform any tasks needed for system administration.

Navigating a specific folder, killing any process or deleting a directory, root is so powerful that it has to be managed properly.


In order to change the root password, you have to use the "passwd" and specify the root account:

$ sudo passwd root

After changing your password, the account will be automatically unlocked.

In order to switch to the root account, you can use the well-known "su" command without any arguments (the default account is root):

$ su - 


To restart your SSH server for the modifications to be taken into account:

$ sudo systemctl restart sshd



This article covers how to setup an SSH key-based authentication as well how to connect to your Linux server without entering a password.
To set up a passwordless SSH login in Linux all you need to do is to generate a public authentication key and append it to the remote hosts ~/.ssh/authorized_keys file.

To Disable SSH Password Authentication
To add an extra layer of security to your server you can disable the password authentication for SSH.
Before disabling the SSH password authentication make sure you can log in to your server without a password and the user you are logging in with has sudo privileges.
The following steps describe how to configure sudo access:
1. Log into your remote server with SSH keys, either as a user with sudo privileges or root:

# ssh sudo_user@server_ip_address

2. Open the SSH configuration file /etc/ssh/sshd_config, search for the following directives and modify as it follows:

/etc/ssh/sshd_config
PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

3. Once you are done save the file and restart the SSH service.
On Ubuntu or Debian servers, run the following command:

# sudo systemctl restart ssh

On CentOS or Fedora servers, run the following command:

# sudo systemctl restart sshd



This article covers how you can install Putty on your Ubuntu OS. Now you can use your Putty SSH client on Linux to connect to remote systems. For more help regarding Putty, visit its user manual.


PuTTY is a popular terminal emulator for Windows, but it is not only limited to Windows operating system. 

Being free and open source, it is popular among Linux users too. PuTTY supports a wide range of protocols such as serial, SSH, Telnet, rlogin, SCP, SFTP etc. 

Sysadmins generally use PuTTY as an SSH and telnet client whereas the Maker community widely uses PuTTY for interfacing with the serial ports on their hardware. 

PuTTY ships with a command line tool named "psftp", the PuTTY SFTP client, which is used to securely transfer files between computers over an SSH connection. 


To install PuTTY on Ubuntu:

1. In order to install Putty, you will need to ensure that the Universe repository is enabled on your Ubuntu system. If it is not already enabled, you can enable it by using the following command in Terminal:

$ sudo add-apt-repository universe

When prompted for the password, enter the sudo password.

2. After enabling the Universe repository, now you can install Putty on your system. Issue the following command in Terminal in order to do so:

$ sudo apt install putty

When prompted for the password, enter the sudo password.



This article covers the installation of Fail2ban and the configuration of an sshd filter. There are so many options to configure but we focused on the basic ones. Feel free to peruse the Fail2ban man pages by running man fail2ban to discover what more you can do with it.

Fail2ban is a free, open-source and widely used intrusion prevention tool that scans log files for IP addresses that show malicious signs such as too many password failures, and much more, and it bans them (updates firewall rules to reject the IP addresses). 

By default, it ships with filters for various services including sshd.


To install  and configure Fail2ban on CentOS/RHEL 8:

1. After logging into your system, access a command-line interface, then enable the EPEL repository on your system:

# dnf install epel-release

OR

# dnf install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm

2. Afterward, install the Fail2ban package by running the following command:

# dnf install fail2ban

3. To start and enable the fail2ban service for now and check if it is up and running using the following systemctl command:

# systemctl start fail2ban
# systemctl enable fail2ban
# systemctl status fail2ban



This article covers steps to setup and new SFTP server by making the ssh configuration changes, adding new users, and assigning the required directory permissions. You can add as many users as you want or simply create a new group and make new users part of that group.

FTP is a great protocol for accessing and transferring files, but it has the shortcoming of being a clear text protocol. 

In other words, it's not secure to use over an internet connection, since your credentials and data are transmitted without encryption. 

The 'S' in SFTP stands for 'Secure' and tunnels the FTP protocol through SSH, providing the encryption needed to establish a secure connection.


To Configure SSH daemon on Ubuntu:

1. SFTP requires SSH, so if SSH server is not already installed on your system, install it with the following command:

$ sudo apt install ssh

2. Once SSH is installed, we need to make some changes to the SSHD configuration file. Use nano or your favorite text editor to open it:

$ sudo nano /etc/ssh/sshd_config

3. Scroll to the bottom of the file and add the following 5 lines at the very end and save file:

Match group sftp
ChrootDirectory /home
X11Forwarding no
AllowTcpForwarding no
ForceCommand internal-sftp

4. Restart the SSH service for these new changes to take effect:

$ sudo systemctl restart ssh



This article covers methods to reboot the Linux Mint. If you want to shut down your Linux Mint instead of rebooting, Learn How to Shutdown Linux Mint 20 .

Rebooting is the same as restarting, and close enough to powering off and then turning off your device. The purpose is to close and reopen the operating system. Resetting, on the other hand, means taking the device back to the state in which it left the factory. Resetting wipes all your personal data.


The systemctl command accepts, among many other options, halt (halts disk activity but does not cut power) reboot (halts disk activity and sends a reset signal to the motherboard) and poweroff (halts disk acitivity, and then cut power). These commands are mostly equivalent to starting the target file of the same name.


To reboot Linux:

1. To reboot the Linux system from a terminal session, sign in or "su"/"sudo" to the "root" account.

2. Then type " sudo reboot " to reboot the box.

3. Wait for some time and the Linux server will reboot itself.


To shut down Linux Mint:

Execute the following command:

sudo chmod u+s /sbin/shutdown

You will be prompted for your root password. After that, you're done and can type "exit" to exit out of the Terminal.


Linux Commands to Shutdown and Reboot the System:

1. Linux shutdown / reboot command. On Linux, like all tasks, the shutdown and restart operations can also be done from the command line.

2. "shutdown" command.

3. "reboot" command.

4. "halt" command.

5. "poweroff" command.

6. REISUB - R E I S U B key strokes.



This article will guide you on the different methods through which you can effectively reboot your #Ubuntu 20.04 system without any difficulty. 

To #reboot immediately, append the -r flag: $ sudo shutdown -r now. 

To power down immediately: $ sudo shutdown -P now. 

You can use the poweroff #command: $ poweroff. 

To reboot after 10 minutes: $ sudo shutdown -r 10.


To reboot Linux using the command line:

1. To reboot the Linux system from a terminal session, sign in or "su"/"sudo" to the "root" account.

2. Then type " sudo reboot " to reboot the box.

3. Wait for some time and the Linux server will reboot itself.



This article will guide you on how to check your private IP address in #Ubuntu 20.04 LTS system. 

ifconfig command is used to display or configure a network interface.

To use command prompt (CMD) to find my #IP #address:

1. Open the command prompt: if you have a Start menu in your Windows system, open it and type cmd into the search bar.

2. Type ipconfig into the command prompt (or the Run box).

3. Find your IP address within the text that pops up.

You can also use the following commands will get you the private IP address of your interfaces:

i. ifconfig -a.

ii. ip addr (ip a)

iii. hostname -I | awk '{print $1}'

iv. nmcli -p device show.



This article will guide you on how to #SSH remote Linux servers using #OpenSSH utility. We have also discussed some basic configurations that you may find useful when connecting via SSH. Now you can easily manage remote #Linux servers for administration and troubleshooting.

To Enable #root login over SSH:

1. As root, edit the sshd_config file in /etc/ssh/sshd_config : 

nano /etc/ssh/sshd_config.

2. Add a line in the Authentication section of the file that says PermitRootLogin yes.

3. Save the updated /etc/ssh/sshd_config file.

4. Restart the SSH server: service sshd restart.



This article will guide you on the steps to install openssh server (sshd) and clients on CentOS Linux using the yum command. The #ssh #command provides a secure encrypted connection between two hosts over an insecure #network. This connection can also be used for #terminal access, file transfers, and for tunneling other applications. Graphical X11 applications can also be run securely over SSH from a remote location.



This article will guide you on how to use the root user on #OpenSUSE Linux and the sudo command.To use sudo, you need to install and configure sudo on the OpenSUSE #Linux server. The #sudo command allows you to run #programs with the security privileges of another user (by default, as the #superuser). Using the #sudoers file, system administrators can give certain users or groups access to some or all commands without those users having to know the root password.



In this article, you will learn how to disable password authentication for SSH including the root user. This will enable the server to only accept key based login and the root user can not login with password.



Is it difficult to disable weak SSH ciphers in your Linux Machine? We will help you.




More Linux Tutorials

We create Linux HowTos and Tutorials for Sys Admins. Visit us on IbmiMedia.com

Also for Tech related tips, Visit forum.outsourcepath.com or General Technical tips on www.outsourcepath.com