Skip to main content

OpenSSH – Remote access to your server in command line

To control your server (Most probably headless, with no keyboard and mouse attached), you can use SSH (Secure Shell) Protocol.

Hence, here is how to install it and improve the security of this service.

OpenSSH logo


Yep, that’s all !



If you are using Windows, I suggest you to use the software called Putty.
You will just need to enter the local IP of your server.
And on GNU/Linux, just type:
Replace admin by the user you have created during the OS’ installation, and 192.168.0.IP by the IP of your machine. It will ask you your user’s password. Type it. (No character will be shown).

If you don’t know the IP of your server, type the following command on your server to get your IP. It should be something like 192.168.x.x:

And now you shoud be connected !


You could do few things to improve the security of SSH on your server for example:

1) Create and use DSA key instead of simple password

To improve your security, the main step is to use encryption keys + password.

– On the client, (not the server), create a couple of DSA key. (Public and private)
As your regular user, type:
– Save the key where you wish to

– And enter a STRONG password

It will create a couple of keys of which the “” will need to be added into the accepted keys of your server.

Still on the client, type:
/home/YOURUSER/.ssh/ being where you saved your previously generated key.

It will automatically load your key in the authorized_keys file of your server.

Now that your key is accepted, we will only authorized this authentication method and remove the password-only way.

We will configure the ssh daemon to do so.

On the server side, type:

and uncomment (remove the #) the line

Save. (CTRL + X, then Y and press Enter)


2) Change default port number

22 is the default port number of SSH, however, most cracking attacks come from automated scripts that scan the net for ssh daemons and attempt to break in, usually on the default port, ie 22.

Hence, changing the default port number reduce greatly this risk (But do not reduce the risk of a real hacker to get in tho)

Still in sshd_config,

change the line

by the port you want.

But don’t forget to open this new port into your router.


3) Forbid direct ROOT access

By forbidden to connect to your server using root directly, this could improve a little bit the security of your server. Obviously you will still be able to use sudo/su command.

Find the line

and change by

4) Reduce LoginGraceTime

To avoid keeping a login attempt open too long, you could reduce down the LoginGraceTime

Find the line

And change it by something like

(It uses second as metric)

But be careful not to set it too low as one day you may want to access it from a long distance or poor connection with high latency.


5) Only allow specific username

You could only allow specific usernames to access to your SSH. If you want to do so, modify/add the line


6) Add Banner Message

How about adding a small banner message to display


Create your message in /etc/

And write what you want like:

and in sshd_config uncomment/modify the line


And don’t forget to restart the daemon after your changes:


Obviously, this won’t be perfect, but should help to increase a bit the security of your SSH service.

And you, how do you configure your SSH Daemon?