Basic SSH Setup On Linux Mint 7 Using OpenSSH Server

Microsoft has Terminal Services, but with Linux you can enable secure, remote command-line access. Secure Shell software (SSH) lets you to control a remote computer without having actual physical access to the machine. SSH’s network traffic is encrypted, and assuming you configure SSH correctly, quite secure. With Linux Mint, you can use an SSH implementation called OpenSSH Server to remotely, securely access your machine.

Here’s how to install and perform a basic security configuration of OpenSSH Server on Linux Mint 7.

First, you’ll need to install OpenSSH Server. To do so, open up a Terminal window (you can find the Terminal shortcut on the menu, under the System heading) and type the following command:

sudo apt-get install openssh-server

apt-get will then download and install OpenSSH Server. Depending upon the speed of your computer and Internet connection, the installation may take several minutes.

Once the installation has finished, return to the Terminal. We’ll need to make a few changes to your /etc/ssh/sshd_config file in order to increase SSH’s security. First, however, we’ll want to make a backup copy of your sshd_config file in case anything goes wrong (it’s always a good idea to do this when editing configuration files). Type this command into the Terminal:

sudo cp /etc/ssh/sshd_config ~

This will make a backup copy of the sshd_config file in your home directory.

Next, we’ll need to edit the sshd_config file itself:

sudo gedit /etc/ssh/sshd_config

(Obviously you can use vi or emacs or the editor of your choice instead, though newer Linux users tend to find gedit’s GUI easier to use.)

Once you’re editing the file, you’ll want to add the following two directives to the end of the file:

PermitRootLogin no

AllowUsers USERNAME

PermitRootLogin no will block root from logging in via SSH. It’s best to never enable root SSH access, since if an attacker happens to figure out the root password, he or she will have total remote control over your system.

AllowUsers adds an additional layer of protection by only allowing specific users to connect via SSH. For instance, if you wanted only users test1 and test2 to have SSH access, you would set AllowUsers as AllowUsers test1 test2.

You may also want to consider changing the Ports directive. By default SSH runs over TCP/IP port 22, which means that any malware bot autoscanning port 22 can target it. Changing the Ports directive to something different will make SSH run over a different, blocking some of those automated cracking attempts.

Once you have finished changing your settings, save the sshd_config file, and restart the SSH daemon with this command:

sudo /etc/init.d/ssh restart

You should now be able to SSH into your Linux Mint machine from another system with an SSH client.

-JM

This entry was posted in Linux. Bookmark the permalink.

3 Responses to Basic SSH Setup On Linux Mint 7 Using OpenSSH Server

  1. Gary says:

    I have done this, but I still can’t ssh to my computer. Does it have anything to do with the routers in between? I have a kind of, um, strange setup involving a wireless network from an Airport Extreme, an airport express wirelessly connected to that, and a WRT54G connected to the Airport Express to connect the Ethernet switch to my Linux Mint Machine. Do I have to set up some kind of Port forwarding to allow access through that? or is it not even possible?

  2. Gary says:

    oh also, I set up a DynDNS account to host my computer. I think that makes it so I don’t need to get a static ip tight?

  3. Dustman says:

    Thanks, a brilliant and simple how-to-install-and-make-it-work document. Works out of the box.