
Secure Shell (SSH) lets you connect to your Linux machine remotely with encryption. This guide covers server installation, firewall rules, key-based login, and hardening on Ubuntu/Debian and CentOS/AlmaLinux.
Before starting, make sure your Linux system is ready.
- Ubuntu: ubuntu.com/download
- Debian: debian.org/distrib
- CentOS Stream: centos.org/download
- AlmaLinux: almalinux.org/download
1) Install OpenSSH Server
# Ubuntu / Debian
sudo apt update
sudo apt install -y openssh-server
# CentOS / AlmaLinux
sudo dnf install -y openssh-server
sudo systemctl enable --now sshd
Check status:
# Ubuntu: service name is "ssh"
sudo systemctl status ssh
# RHEL family: service name is "sshd"
sudo systemctl status sshd
2) Open the Firewall (Port 22/TCP by default)
# Ubuntu with UFW
sudo ufw allow OpenSSH
sudo ufw enable
sudo ufw status
# CentOS/AlmaLinux with firewalld
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
sudo firewall-cmd --list-all
Tip: If you change the SSH port later (e.g., 2222), update the firewall rule accordingly.
3) Create an SSH Key (Client)
# on your local machine
ssh-keygen -t ed25519 -C "[email protected]"
# press Enter to accept the default path (~/.ssh/id_ed25519)
# set a passphrase for extra security
Copy your public key to the server:
ssh-copy-id user@server-ip
If ssh-copy-id is unavailable, paste the content of ~/.ssh/id_ed25519.pub into ~/.ssh/authorized_keys on the server (permissions: ~/.ssh = 700, authorized_keys = 600).
4) Connect Over SSH
# default port
ssh user@server-ip
# custom port
ssh -p 2222 user@server-ip
5) Hardening the SSH Server
Edit the SSH daemon config and apply best practices.
# Ubuntu
sudo nano /etc/ssh/sshd_config
# CentOS/AlmaLinux
sudo nano /etc/ssh/sshd_config
Recommended settings (uncomment or add):
# Keep comments on their own lines: older OpenSSH releases can reject a trailing comment.
# Port 22 is the default; optionally change it to a non-standard port like 2222
Port 22
# disable direct root login
PermitRootLogin no
# require keys (set after key login works)
PasswordAuthentication no
PubkeyAuthentication yes
PermitEmptyPasswords no
# keep-alive
ClientAliveInterval 300
ClientAliveCountMax 2
MaxAuthTries 3
Reload the service:
# Ubuntu
sudo systemctl reload ssh
# CentOS/AlmaLinux
sudo systemctl reload sshd
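To confirm that the hardening values from step 5 are the ones sshd actually uses, you can compare its effective configuration (the lowercase "keyword value" lines printed by `sshd -T`) with the recommended settings. This is an added example, not part of the original guide; the names `audit_sshd`, `EXPECTED` and `SAMPLE_WEAK` are hypothetical, and the sample input is constructed rather than taken from a real host.

```shell
#!/bin/sh
# Added example: audit effective sshd settings against step 5 of this guide.
# Real use on a server: sudo sshd -t && sudo sshd -T | audit_sshd

# Expected values, copied from the recommended settings above (lowercased).
EXPECTED='permitrootlogin no
passwordauthentication no
pubkeyauthentication yes
permitemptypasswords no
clientaliveinterval 300
clientalivecountmax 2
maxauthtries 3'

# Reads "keyword value" lines on stdin; prints one line per deviation.
# Returns 0 when every expected setting matches, 1 otherwise.
audit_sshd() {
    effective=$(cat)
    rc=0
    while read -r key want; do
        # Take the first line whose keyword matches exactly.
        got=$(printf '%s\n' "$effective" | awk -v k="$key" '$1 == k { print $2; exit }')
        if [ -z "$got" ]; then
            echo "MISSING $key (want $want)"
            rc=1
        elif [ "$got" != "$want" ]; then
            echo "FAIL $key: got $got, want $want"
            rc=1
        fi
    done <<EOF
$EXPECTED
EOF
    return "$rc"
}

# Constructed sample of a server that has not been hardened yet.
SAMPLE_WEAK='port 22
permitrootlogin yes
passwordauthentication yes
pubkeyauthentication yes
permitemptypasswords no
clientaliveinterval 0
clientalivecountmax 3
maxauthtries 6'
printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || echo "deviations found"
```

Running `sshd -t` first catches syntax errors before a reload, so a typo in sshd_config does not lock you out.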
6) Troubleshooting
- Service not listening?
ss -tlnp | grep -E ':(22|2222) '
- Firewall blocked? Confirm rules using ufw status or firewall-cmd --list-all.
- Wrong permissions? SSH requires strict perms:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
- Check logs: sudo journalctl -u ssh -f (Ubuntu) or sudo journalctl -u sshd -f (RHEL family).
Bonus: SSH Config Shortcuts (Client)
Create ~/.ssh/config to save hosts and options:
Host myserver
HostName 203.0.113.10
User alex
Port 2222
IdentityFile ~/.ssh/id_ed25519
ServerAliveInterval 60
Now connect with simply:
ssh myserver