How to Enable SSH on Linux.
 |
| Photo by Sora Shimazaki |
What is SSH?
SSH stands for Secure Shell or Secure Socket Shell and is a network protocol that provides secure communication between two computers.
Why do I need to learn SSH?
Recently, I decided to change the way I run my Home Assistant. My Home Assistant runs a type-2 hypervisor virtual machine, Lubuntu OS underlayer, and the hardware is an old laptop equipped with an AMD E-450 processor(netbook targeted processor).
It consumes too many resources for this old laptop. It becomes very laggy and slow. Therefore, I want to try using Docker to run the Home Assistant, a more lightweight approach than the virtual machine.
The Docker installation may need to interact with the terminal a lot. In the future, I also may deploy other services to the container. So, I think enabling SSH is necessary. Once the SSH is enabled, I don't have to interact with the old laptop physically, and I can control it from any device as long as the device has an SSH client.
Video
How to Enable SSH?
First, we open the terminal and update the existing package index.
# sudo apt update # sudo apt upgrade
Then, install the openssh-server package.
$ sudo apt install openssh-server
After the open-ssh package had installed, we can use this command to check the open-ssh service status. By default, it will start the service after the installation.
$ sudo systemctl status ssh
*Optional step. I'm using Lubuntu OS. It shipped with the firewall called UFW. Below is a command lets the SSH traffic pass through the firewall.
$ sudo ufw allow ssh
Now, you can check the current laptop IP address with the command below to access this laptop.
$ ip a
How to let the root user log in via SSH?
I want to be a bad example for you guys in this part.
We should not allow the root user to log in with a password. It's too easy for some attacker or bot to use the brute force attack to get the computer access.
The recommended way is to use another user instead of the root user and use the SSH key for authentication.
I learned this from the networking class back in college, but I have already forgotten how to set it up. Also, this laptop runs in the local network environment only.
So, I think enabling the root user login with a password is not that bad? (Still, not a good practice)
The command below will enable the root user login via SSH.
$ sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/' /etc/ssh/sshd_config
The root user password is not a mandatory field. Using the root user to log in via SSH without a password may encounter the error message "Permission denied, please try again.".
Below is the command to set a password root user.
$ sudo passwd
The last step is to restart the SSH service to let the changes take effect.
$ sudo systemctl restart ssh
Log in via SSH now
After all the settings, you can use an SSH client to access this laptop.
If you are a Windows user, you may need to download an SSH client Putty to access the laptop. macOS and Linux users can directly use the built-in SSH client.
Use the command below with the username root and the IP address from above to access.
$ ssh username@ip_address
Additional
Command to stop the SSH service.
$ sudo systemctl stop ssh
Command to disable remote root user login via SSH.
$ sudo sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin no/‘ /etc/ssh/sshd_config
Command to delete rule for UFW allow SSH traffic.
$ sudo ufw delete allow ssh
Command to remove openssh-server package
$ sudo apt remove openssh-server
