How to Enable SSH on Debian 11

SSH is a network protocol for secure communication between a client and a server. This enables you to remotely connect to your Debian machine to perform commands, file transfer, or administrative tasks. SSH provides strong authentication using passwords and public key authentication. Once the connection is established, the data that is transmitted is encrypted.

In this tutorial, we learn how to enable SSH on a Debian Desktop system.

Enable SSH on Debian

To install and enable SSH on Debian complete the following steps:

1. Open your terminal update your Debian system:

$ sudo apt update
apt update

2. SSH server is not installed by default on the Debian system. To install it, use the package openssh-server, which is available in the Debian repository. To install SSH, type:

$ sudo apt install openssh-server
install openssh-server package

Enter the sudo user password when prompted and enter Y to continue with the installation.

3. Verify the installation by running the following command:

$ sudo systemctl status ssh
ssh service status check

SSH service will automatically start and show active (running) to confirm. Press q to exit, back to the shell.

In case not started, use the following command to start ssh service:

$ sudo systemctl start ssh

To enable the ssh service on system boot, type:

$ sudo systemctl enable ssh

4. Find your server IP

You may use different methods to find your Linux system assigned IP address. You can simply issue the following command to get your server IP address:

$ ip a

Output:

1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
     link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
     inet 127.0.0.1/8 scope host lo
        valid_lft forever preferred_lft forever
     inet6 ::1/128 scope host
        valid_lft forever preferred_lft forever
 2: eth0:  mtu 1500 qdisc mq state UP group default qlen 1000
     link/ether f2:3c:92:e8:9f:cc brd ff:ff:ff:ff:ff:ff
     inet 192.168.0.64/24 brd 192.168.0.255 scope global dynamic eth0
        valid_lft 48927sec preferred_lft 48927sec
     inet6 2600:3c02::f03c:92ff:fee8:9fcc/64 scope global dynamic mngtmpaddr noprefixroute
        valid_lft 2592000sec preferred_lft 604800sec
     inet6 fe80::f03c:92ff:fee8:9fcc/64 scope link
        valid_lft forever preferred_lft forever

From the output, you can see that the system IP address is 192.168.0.64.

Connect to your server using SSH

By default, all Linux Distributions have an ssh client installed. This allows the client machine to connect server using ssh.

Use the following ssh command to login the remote machine:

ssh linoxide@192.168.0.64

Output:

The authenticity of host '192.168.0.64 (192.168.0.64)' can't be established.
 ECDSA key fingerprint is SHA256:kuEUb8Lpus1yPuKJ6fm8s9E8x61wGv1u6U2OhEb3Ubc.
Are you sure you want to continue connecting (yes/no/[fingerprint])? Y

This message comes when you connect the remote host the first time. Press yes to continue.

Warning: Permanently added '192.168.0.64' (ECDSA) to the list of known hosts.
 linoxide@192.168.0.64's password:

Enter your user password to login. You get the following default welcome message followed by a shell prompt. Great you have logged in securely to Debian.

Linux debian-host-01 5.10.0-8-amd64 #1 SMP Debian 5.10.46-4 (2021-08-03) x86_6
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent

Firewall Settings

UFW is the popular user-friendly interface to iptables firewall. UFW is not installed by default on Debian.

To install ufw on Debian, type:

$ sudo apt install ufw

By default, UFW is configured to deny all incoming connections and allow all outgoing connections. Before enabling UFW, enable ssh otherwise it would deny incoming connections.

By default SSH daemon use port 22. For security enhancement, can change the default port or set up port forwarding.

To allow port 22 using ufw, type:

$ sudo ufw allow 22

To enable UFW, type:

$ sudo ufw enable

The firewall is active now, with a firewall rule to allow SSH connections.

Disable SSH

You can simply stop the ssh service to disable SSH on Debian.

$ sudo systemctl stop ssh

To disable ssh on system boot, type:

$ sudo systemctl disable ssh

Conclusion

In this tutorial, we learned how to install and enable SSH on Debian 11. You can now securely login to your Debian remote machine and perform your tasks.

Leave a Comment