Here you will see how to enable SSH on Debian 9. By default, SSH is turned on, and so the root access is disabled, which implies you will not be able to log in directly to your server via SSH as the root user but using the ‘sudo’ prefix you can run commands with the same authority as the root user.
In case you are regularly working, you can log in directly as a root user instead of using the ‘sudo’ command all the time.
Requirements to enable SSH:
Requirements to enableSSH:
- A server that runs Debian 9 or later
- SSH access to your VPS
- A regular user can gain root privileges by using “sudo”.
Login to your Debian VPS via SSH as a user with ‘sudo’ privileges:
sshuser_name@Server_IP_Address -p Port_Number
Activate SSH Root Login
To enable logging as root, we must make changes to the main SSH configuration file ‘sshd config’.
sudo nano /etc/ssh/sshd_config
Now, find the below line in the file.
#PermitRootLogin prohibit-password
To enable the root login follow these two steps:
Step 1: Remove the # character from the line’s beginning to uncomment it.
PermitRootLogin prohibit-password
Step 2: Just replace the prohibit-password with yes.
PermitRootLogin yes
Once you have done the editing then save and restart the SSH for the changes. Run the following command to do that:
sudosystemctl restart ssh.service
While you login in as a root user, you must get an output as:
login as: root root@Server_IP_Address password: Linux hostname 2.6.32-042stab131.1 #1 SMP Wed Jun 20 16:32:07 MSK 2018 x86_64 The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. root@hostname:~#
Control SSH User Logins
You can use this section to explore how to restrict remote access to your server if your system has a lot of user accounts.
Open /etc/ssh/sshd_config SSH configuration file and you can grant or deny SSH access to your server by using a number of options.
sudo nano /etc/ssh/sshd_config
Allow Users:
The first approach is to grant a specific user access to your server remotely via SSH.
Add AllowUsers on a new line at the bottom of the SSH configuration file. Multiple users can be added by separating their usernames with a space. For example: configure users “test1” and “test2” with SSH access by doing the following:
AllowUsers test1 test2
Note: Other users who are not listed in the AllowUsers list won’t be able to access it.
Now restart the SSH.
sudosystemctl restart ssh
Allow Groups:
The Second approach is to grant access to your server via SSH for the entire group.
Add/edit AllowGroups on a new line at the bottom of the SSH configuration file. Add the allowed groups with a space. If we set up SSH as follows, the groups “root” and “test group” will be able to access remote SSH:
AllowGroups root test_group
Note: Only the user in the groups “root” and “test_group” are able to connect with the server via SSH.
After the changes, restart the SSH.
sudosystemctl restart ssh
Deny User:
The third approach is to disable or restrict SSH access for specific users. It is similar to allowing users or groups.
Add/edit DenyUsers as a new line in your SSH configuration file. You can deny the user by separating their usernames with a space. In the following example, deny users “test1” and “test2” remote access via SSH.
DenyUsers test1 test2
Restart the SSH to make the changes.
sudosystemctl restart ssh
Deny Group:
The fourth approach is to disable or restrict SSH access to an entire group.
Add/edit DenyGroups as a new line in your SSH configuration file. You can deny the user by separating their usernames with a space. In the following example, deny users group ‘root’ and ‘test_group’ remote access via SSH.
DenyGroups root test_group
Hpoe the steps helped you to enable SSH in Debian 9. If you need assistance feel free to Get Support.
To get more updates you can follow us on Facebook, Twitter, LinkedIn