What is SSH / OpenSSH?
SSH (Secure Shell) is a protocol that lets you securely control a remote computer over a network.
Uses a clientβserver model
Default port: TCP 22
Once connected, you get command-line access as if youβre sitting at the machine
All communication is encrypted
OpenSSH is the most widely used open-source implementation of SSH and is included in most modern operating systems.
β Step 1: Verify or Install the SSH Client
Check if SSH is installed
ssh -V
If installed, it will display the version.
If missing:
Linux/macOS: Install via package manager
Windows (modern versions): OpenSSH is built-in
Older Windows: Use PuTTY (GUI alternative)
Most modern systems already include OpenSSH.
π₯οΈ Step 2: Set Up the SSH Server
The server runs a service called sshd.
Install OpenSSH Server
Ubuntu/Debian
sudo apt install openssh-server
AlmaLinux/RHEL/CentOS
sudo dnf install openssh-server
Check Service Status
sudo systemctl status sshd
If inactive:
sudo systemctl start sshd
Enable at boot:
sudo systemctl enable sshd
Find Server IP Address
On the server:
ip a
or
hostname -I
For production:
Use a static IP
Or assign a reserved DHCP address
In cloud environments, check provider dashboard
Windows SSH Server
Modern Windows versions include OpenSSH:
Go to Optional Features
Enable OpenSSH Server
Configure to start automatically
π Step 3: Connect to the Server (Password Method)
Basic syntax:
ssh user@host
Example:
ssh admin@192.168.1.50
First-time connection:
Youβll see a host key fingerprint
Type
yesto trust it (verify in production environments)
Enter password β You get shell access.
ποΈ Step 4: Use Key-Based Authentication (Recommended)
Password logins are weaker. Keys are more secure.
Generate a Key (on your client machine)
ssh-keygen -t ed25519 -f ~/.ssh/servername -C "user@server"
Why ed25519?
Modern
Fast
Strong security
β Use one key per server
β Protect your private key with a passphrase
Copy Public Key to Server
ssh-copy-id -i ~/.ssh/servername.pub user@host
This:
Adds your public key to
~/.ssh/authorized_keysRequires password once
Reconnect:
ssh user@host
Now authentication uses your key.
π« Step 5: Disable Password Authentication (Important)
On the server:
Edit:
sudo nano /etc/ssh/sshd_config
Set:
PasswordAuthentication noPubkeyAuthentication yesPermitRootLogin no
Reload:
sudo systemctl reload sshd
Test from another machine:
Login without key should fail
β This only disables SSH password login β not local console login.
π§© Step 6: Use SSH Config for Convenience
Edit (on client):
~/.ssh/config
Example:
Host almaplay HostName 192.168.170.23 User vkc IdentityFile ~/.ssh/almaplay
Now connect with:
ssh almaplay
Back up your ~/.ssh folder securely (encrypted offline storage recommended).
π Additional Hardening (Production)
β Change SSH port from 22 to reduce automated scans
β Install fail2ban to block brute-force attempts
β Use firewall rules to restrict allowed IPs
β Disable root login
β Use MFA for SSH (advanced setups)
π¦ Beyond the Basics
Transfer Files
scp file.txt user@host:/path/
Or use:
rsync -avz folder user@host:/path/
Port Forwarding
Create secure tunnels between networks.
Agent Forwarding
Use your local keys through intermediate servers securely.
π Practical Advice for Nonprofits / Small Orgs
If you are managing:
Servers
Backup machines
45Drives storage
Remote Linux systems
Always:
β Use key-based auth
β Disable password login
β Restrict SSH to IT-only accounts
β Log access attempts
β Rotate keys when staff leave
Good to consider:
A Server SSH Hardening Standard