Configuring ssh on Debian (stretch)

SSH is usually the first thing I enable on any of my systems – being able to access them remotely is just so much easier! Even if it is just from the other side of the room and as Debian (stretch) has been released I decided it was time to update my earlier post.

If SSH isn’t already installed you will need to begin by installing the openssh-server package. I use the --no-install-recommends option to prevent any of the optional packages being installed as I prefer not to install any more packages than necessary. (To make this the default you can edit the configuration file).

# apt-get install openssh-server --no-install-recommends
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  libedit2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3
  libkrb5support0 libwrap0 openssh-client openssh-sftp-server
Suggested packages:
  krb5-doc krb5-user keychain libpam-ssh monkeysphere ssh-askpass molly-guard
  rssh ufw
Recommended packages:
  krb5-locales tcpd xauth libpam-systemd ncurses-term
The following NEW packages will be installed:
  libedit2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3
  libkrb5support0 libwrap0 openssh-client openssh-server openssh-sftp-server
0 upgraded, 10 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,951 kB of archives.
After this operation, 7,572 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Setting up openssh-server (1:7.4p1-10) ...
Creating config file /etc/ssh/sshd_config with new version
Creating SSH2 RSA key; this may take some time ...
2048 SHA256:xvCxFOrDjiDcBtajCLl0s1FkqJwHyDq+WIeufx/eG04 root@server (RSA)
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:35+B6kcncB7K84kGcUNhA2EorUHCPKY8nNoI9Y95qeI root@server (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:/Wb1Liel1oXsyfzCtnfWnb6FcWjheG7/sMhTA6cWwoA root@server (ED25519)
Created symlink /etc/systemd/.../sshd.service ? /lib/systemd/system/ssh.service.
Created symlink /etc/systemd/.../ssh.service ? /lib/systemd/system/ssh.service.
Processing triggers for libc-bin (2.24-11+deb9u1) ...
Processing triggers for systemd (232-25) ...

If like me you prefer to be able to login as root using a username and password then you will need to edit the ssh config file to change the default settings in /etc/ssh/sshd_config/sshd_config.

Note – By default debain (and other distributions) do not allow root to login for security reasons. You are supposed to login as an ordinary user and use sudo to obtain root privileges. Not doing so is considered ‘bad’ practice (which is why this article has attracted a number of downvotes), however on a private LAN behind a couple of firewalls I just find it much more convenient, but I would suggest that you do NOT enable this unless you understand the implications.

# nano /etc/ssh/sshd_config

Then find the entry in the Authentication section of the file that says PermitRootLogin and change without-password to yes.

# Authentication:
LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

Note – It is just a personal preference but when making this sort of change I prefer to comment out the original entry and create a new one.

You will need to restart the SSH server (or reboot) for this change to take effect.

# service sshd restart

This entry was posted in Uncategorized and tagged , . Bookmark the permalink.

3 Responses to Configuring ssh on Debian (stretch)

  1. Corvus B says:

    It may be a distro thing – but the Raspbian (raspberry pi) version of Stretch does not have an sshd.service. It requires # service ssh restart. It doesn’t seem logical to me that they would make such a seemingly minor change – so I thot it worth mentioning.

  2. You’re supposed to prohibit root login.. The value “prohibit-password” is the minimum… You should really disable root logins altogether by setting PermitRootLogin to “no” and then login as normal user before elevating to root from the standard user if really necessary using sudo. (This is the reason for the downvotes)

  3. Bruce McKeever says:

    Thank you Corvus B, Manually starting ssh worked fine and I was able the use PuTTY with no problem. Now the question is that “in all the miriad of LINUX places to start things” where should I start ssh to have is running at boot time?

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.