OpenSSH for Beginners Guid

What is SSH / OpenSSH?

SSH (Secure Shell) is a protocol that lets you securely control a remote computer over a network.

  • Uses a client–server model

  • Default port: TCP 22

  • Once connected, you get command-line access as if you’re sitting at the machine

  • All communication is encrypted

OpenSSH is the most widely used open-source implementation of SSH and is included in most modern operating systems.


βœ… Step 1: Verify or Install the SSH Client

Check if SSH is installed

ssh -V

If installed, it will display the version.

If missing:

  • Linux/macOS: Install via package manager

  • Windows (modern versions): OpenSSH is built-in

  • Older Windows: Use PuTTY (GUI alternative)

Most modern systems already include OpenSSH.


πŸ–₯️ Step 2: Set Up the SSH Server

The server runs a service called sshd.

Install OpenSSH Server

Ubuntu/Debian

sudo apt install openssh-server

AlmaLinux/RHEL/CentOS

sudo dnf install openssh-server

Check Service Status

sudo systemctl status sshd

If inactive:

sudo systemctl start sshd

Enable at boot:

sudo systemctl enable sshd

Find Server IP Address

On the server:

ip a

or

hostname -I

For production:

  • Use a static IP

  • Or assign a reserved DHCP address

  • In cloud environments, check provider dashboard


Windows SSH Server

Modern Windows versions include OpenSSH:

  • Go to Optional Features

  • Enable OpenSSH Server

  • Configure to start automatically


πŸ” Step 3: Connect to the Server (Password Method)

Basic syntax:

ssh user@host

Example:

ssh admin@192.168.1.50

First-time connection:

  • You’ll see a host key fingerprint

  • Type yes to trust it (verify in production environments)

Enter password β†’ You get shell access.


πŸ—οΈ Step 4: Use Key-Based Authentication (Recommended)

Password logins are weaker. Keys are more secure.

Generate a Key (on your client machine)

ssh-keygen -t ed25519 -f ~/.ssh/servername -C "user@server"

Why ed25519?

  • Modern

  • Fast

  • Strong security

βœ” Use one key per server
βœ” Protect your private key with a passphrase


Copy Public Key to Server

ssh-copy-id -i ~/.ssh/servername.pub user@host

This:

  • Adds your public key to ~/.ssh/authorized_keys

  • Requires password once

Reconnect:

ssh user@host

Now authentication uses your key.


🚫 Step 5: Disable Password Authentication (Important)

On the server:

Edit:

sudo nano /etc/ssh/sshd_config

Set:

PasswordAuthentication no
PubkeyAuthentication yes
PermitRootLogin no

Reload:

sudo systemctl reload sshd

Test from another machine:

  • Login without key should fail

⚠ This only disables SSH password login β€” not local console login.


🧩 Step 6: Use SSH Config for Convenience

Edit (on client):

~/.ssh/config

Example:

Host almaplay
HostName 192.168.170.23
User vkc
IdentityFile ~/.ssh/almaplay

Now connect with:

ssh almaplay

Back up your ~/.ssh folder securely (encrypted offline storage recommended).


πŸ”’ Additional Hardening (Production)

βœ” Change SSH port from 22 to reduce automated scans
βœ” Install fail2ban to block brute-force attempts
βœ” Use firewall rules to restrict allowed IPs
βœ” Disable root login
βœ” Use MFA for SSH (advanced setups)


πŸ“¦ Beyond the Basics

Transfer Files

scp file.txt user@host:/path/

Or use:

rsync -avz folder user@host:/path/

Port Forwarding

Create secure tunnels between networks.

Agent Forwarding

Use your local keys through intermediate servers securely.


πŸ” Practical Advice for Nonprofits / Small Orgs

If you are managing:

  • Servers

  • Backup machines

  • 45Drives storage

  • Remote Linux systems

Always:

βœ” Use key-based auth
βœ” Disable password login
βœ” Restrict SSH to IT-only accounts
βœ” Log access attempts
βœ” Rotate keys when staff leave


Good to consider:

  • A Server SSH Hardening Standard