Configuring ssh on Debian (stretch)

SSH is usually the first thing I enable on any of my systems – being able to access them remotely is just so much easier! Even if it is just from the other side of the room and as Debian (stretch) has been released I decided it was time to update my earlier post.

If SSH isn’t already installed you will need to begin by installing the openssh-server package. I use the --no-install-recommends option to prevent any of the optional packages being installed as I prefer not to install any more packages than necessary. (To make this the default you can edit the configuration file).

# apt-get install openssh-server --no-install-recommends
Reading package lists...
Building dependency tree...
Reading state information...
The following additional packages will be installed:
  libedit2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3
  libkrb5support0 libwrap0 openssh-client openssh-sftp-server
Suggested packages:
  krb5-doc krb5-user keychain libpam-ssh monkeysphere ssh-askpass molly-guard
  rssh ufw
Recommended packages:
  krb5-locales tcpd xauth libpam-systemd ncurses-term
The following NEW packages will be installed:
  libedit2 libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3
  libkrb5support0 libwrap0 openssh-client openssh-server openssh-sftp-server
0 upgraded, 10 newly installed, 0 to remove and 0 not upgraded.
Need to get 1,951 kB of archives.
After this operation, 7,572 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Setting up openssh-server (1:7.4p1-10) ...
Creating config file /etc/ssh/sshd_config with new version
Creating SSH2 RSA key; this may take some time ...
2048 SHA256:xvCxFOrDjiDcBtajCLl0s1FkqJwHyDq+WIeufx/eG04 root@server (RSA)
Creating SSH2 ECDSA key; this may take some time ...
256 SHA256:35+B6kcncB7K84kGcUNhA2EorUHCPKY8nNoI9Y95qeI root@server (ECDSA)
Creating SSH2 ED25519 key; this may take some time ...
256 SHA256:/Wb1Liel1oXsyfzCtnfWnb6FcWjheG7/sMhTA6cWwoA root@server (ED25519)
Created symlink /etc/systemd/.../sshd.service ? /lib/systemd/system/ssh.service.
Created symlink /etc/systemd/.../ssh.service ? /lib/systemd/system/ssh.service.
Processing triggers for libc-bin (2.24-11+deb9u1) ...
Processing triggers for systemd (232-25) ...

If you need to login as root using a username and password you will need to edit the ssh config file /etc/ssh/sshd_config/sshd_config.

# nano /etc/ssh/sshd_config

Then find the entry in the Authentication section of the file that says PermitRootLogin and change without-password to yes.

# Authentication:
LoginGraceTime 2m
#PermitRootLogin prohibit-password
PermitRootLogin yes
StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

Note – It is just a personal preference but when making this sort of change I prefer to comment out the original entry and create a new one.

You will need to restart the SSH server (or reboot) for this change to take effect.

# service sshd restart

This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s