Setting Up SSH Server Between PC and Server
This guide explains how to set up and configure an SSH server to enable secure communication between a client PC and a server.
Prerequisites
- A Linux-based PC (client) and server.
- SSH package installed on both machines.
- Network connectivity between the PC and the server.
Step-by-Step Instructions
Step 1: Install OpenSSH
On both the client and server, install the OpenSSH package:
On the Server:
sudo apt update
sudo apt install openssh-server
On the Client:
sudo apt update
sudo apt install openssh-client
Step 2: Start and Enable SSH Service
Ensure the SSH service is running on the server:
sudo systemctl start ssh
sudo systemctl enable ssh
Check the service status:
sudo systemctl status ssh
Step 3: Configure SSH on the Server
-
Open the SSH configuration file:
sudo nano /etc/ssh/sshd_config
-
Modify or verify the following settings:
- PermitRootLogin: Set to
no
for security. - PasswordAuthentication: Set to
yes
to allow password-based logins initially (you can disable it after setting up key-based authentication).
- PermitRootLogin: Set to
-
Save changes and restart the SSH service:
sudo systemctl restart ssh
Step 4: Determine the Server's IP Address
Find the server's IP address to connect from the client:
ip a
Look for the IP address under the active network interface (e.g., 192.168.x.x
).
Step 5: Test SSH Connection from the Client
On the client, open a terminal and connect to the server using:
ssh username@server_ip
Replace username
with the server's username and server_ip
with the actual IP address.
Example:
ssh user@192.168.1.10
**Step 6: Set Up Key-Based Authentication
-
On the client, generate an SSH key pair:
ssh-keygen -t rsa -b 4096
-
Copy the public key to the server: on Linux
ssh-copy-id username@server_ip
on Windows go to the .ssh folder
scp $env:USERPROFILE/.ssh/id_rsa.pub username@ip:~/.ssh/authorized_keys
-
Verify key-based login:
ssh username@server_ip
-
Disable password-based logins for added security:
-
Edit the server's SSH configuration file:
sudo nano /etc/ssh/sshd_config
-
Set
PasswordAuthentication
tono
. -
Restart the SSH service:
sudo systemctl restart ssh
-
Step 7: Troubleshooting Common Issues
-
Firewall: Ensure SSH traffic is allowed through the firewall on the server:
sudo ufw allow ssh sudo ufw enable
-
Connection Refused: Check if the SSH service is running and the correct IP address is used.