
OpenSSH – Remote access to your server in command line

To control your server (most probably headless, with no keyboard or mouse attached), you can use the SSH (Secure Shell) protocol.

Hence, here is how to install it and improve the security of this service.



Yep, that’s all!



If you are using Windows, I suggest you use the software called PuTTY.
You will just need to enter the local IP of your server.
And on GNU/Linux, just type:
Replace admin with the user you created during the OS installation, and 192.168.0.IP with the IP of your machine. It will ask for your user’s password. Type it (no characters will be shown).

If you don’t know the IP of your server, type the following command on your server to get your IP. It should be something like 192.168.x.x:

And now you should be connected!


You can do a few things to improve the security of SSH on your server, for example:

1) Create and use DSA key instead of simple password

To improve your security, the main step is to use encryption keys + password.

– On the client (not the server), create a pair of DSA keys (public and private).
As your regular user, type:
– Save the key where you wish to

– And enter a STRONG password

It will create a pair of keys, of which the “” will need to be added to the accepted keys of your server.

Still on the client, type:
/home/YOURUSER/.ssh/ being where you saved your previously generated key.

It will automatically load your key in the authorized_keys file of your server.

Now that your key is accepted, we will authorize only this authentication method and remove the password-only way.

We will configure the ssh daemon to do so.

On the server side, type:

and uncomment (remove the #) the line

Save. (CTRL + X, then Y and press Enter)


2) Change default port number

22 is the default port number of SSH. However, most cracking attacks come from automated scripts that scan the net for SSH daemons and attempt to break in, usually on the default port, i.e. 22.

Hence, changing the default port number greatly reduces this risk (but it does not reduce the risk of a real hacker getting in, though).

Still in sshd_config,

change the line

by the port you want.

But don’t forget to open this new port on your router.


3) Forbid direct ROOT access

Forbidding direct connections to your server as root could improve its security a little. Obviously, you will still be able to use the sudo/su commands.

Find the line

and change it to

4) Reduce LoginGraceTime

To avoid keeping a login attempt open too long, you could reduce the LoginGraceTime.

Find the line

And change it to something like

(The value is in seconds.)

But be careful not to set it too low as one day you may want to access it from a long distance or poor connection with high latency.


5) Only allow specific username

You could allow only specific usernames to access your SSH service. If you want to do so, modify/add the line


6) Add Banner Message

How about adding a small banner message to display


Create your message in /etc/

And write what you want like:

and in sshd_config uncomment/modify the line


And don’t forget to restart the daemon after your changes:


Obviously, this won’t be perfect, but it should help increase the security of your SSH service a bit.
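An added example (not part of the original post): a small POSIX shell audit that reads an sshd_config-style file and reports whether each of the six steps above is in effect, applying sshd's rule that the first occurrence of a keyword wins. Apart from LoginGraceTime, the directive names are the standard sshd_config keywords assumed to be the ones the post's missing lines referred to; the sample config and the "below the 120-second default" threshold are also assumptions.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config-style file
# against the six steps above. Thresholds are assumptions, see lead-in.

# effective FILE KEYWORD DEFAULT: print the value sshd would apply.
effective() {
    awk -v want="$2" -v dflt="$3" '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        tolower($1) == "match" { exit }      # Match blocks are conditional: stop
        tolower($1) == tolower(want) {       # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, "")      # keep only the argument(s)
            print; found = 1; exit           # the first occurrence wins
        }
        END { if (!found) print dflt }
    ' "$1"
}

report() {  # report KEYWORD VALUE STATUS; counts every non-OK line
    printf '%-5s %-23s %s\n' "$3" "$1" "${2:-(unset)}"
    [ "$3" = OK ] || fails=$((fails + 1))
}

audit_sshd_config() {
    f=$1; fails=0
    v=$(effective "$f" PasswordAuthentication yes)          # step 1
    [ "$v" = no ] && s=OK || s=WEAK; report PasswordAuthentication "$v" "$s"
    v=$(effective "$f" Port 22)                             # step 2
    [ "$v" != 22 ] && s=OK || s=WEAK; report Port "$v" "$s"
    v=$(effective "$f" PermitRootLogin prohibit-password)   # step 3
    [ "$v" = no ] && s=OK || s=WEAK; report PermitRootLogin "$v" "$s"
    v=$(effective "$f" LoginGraceTime 120)                  # step 4
    case $v in                       # plain seconds only; 0 means no limit
        ''|*[!0-9]*) s=WEAK ;;
        *) [ "$v" -gt 0 ] && [ "$v" -lt 120 ] && s=OK || s=WEAK ;;
    esac; report LoginGraceTime "$v" "$s"
    v=$(effective "$f" AllowUsers "")                       # step 5
    [ -n "$v" ] && s=OK || s=WEAK; report AllowUsers "$v" "$s"
    v=$(effective "$f" Banner none)                         # step 6
    [ "$v" != none ] && s=OK || s=WEAK; report Banner "$v" "$s"
    [ "$fails" -eq 0 ]
}

# Constructed sample: the second PasswordAuthentication line is ignored.
tmp=$(mktemp)
printf '%s\n' 'Port 2222' 'PasswordAuthentication yes' 'permitrootlogin no' \
    'LoginGraceTime 30' 'AllowUsers admin' 'PasswordAuthentication no' > "$tmp"
audit_sshd_config "$tmp" || echo "$fails setting(s) still weak"
rm -f "$tmp"
```

On a live server, `sshd -T` prints the configuration the daemon actually applies, which is the authoritative check after editing the file.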

And you, how do you configure your SSH Daemon?




My choice of server distribution – Debian

Most probably you have already decided to use Linux as your server operating system, as did 98% of the Top 500 supercomputers (based on performance). Obviously Linux is usually the preferred choice for most servers, so I will not discuss this point further.

But which flavor are you going to use?

CentOS? Ubuntu? Gentoo? Debian? Arch? Redhat? Fedora?

There are hundreds of Linux distributions, some specialized for servers, some for other purposes (kids, security, online privacy, best performance, NAS, etc.).

Some are backed by robust companies with professional support, such as Suse, RedHat, etc., and some are community driven (Ubuntu, Debian, Fedora, …).

For me, what I value the most in a server distribution are:

1) Community Support:

I expect to use a popular distribution where I can be sure that most of the problems I will face, if any, have already been asked about by someone else. Or, if not, one with proper forums to ask questions.

2) Stability

I want to make sure the services I will install are stable enough for a server. Not too new, not too old.

3) Security

Well, if any breach, backdoor, etc. is detected, I expect the devs of the distribution to release a patch rapidly. But the distribution must also be popular enough and security oriented in its processes.

4) Large choice of services already pre-configured for this distribution.

I love it when it works out of the box with no further configuration to do, and I avoid distributions that are too time-consuming.

Based on these criteria, basically, I prioritize 3 distributions, although the others are great too depending on your needs and skills:

– CentOS

– Debian

– Ubuntu.

But as I’m used to Debian/Ubuntu style (Most popular distribution), I usually only work with these 2 for servers.

The issue I have with Debian is its too-old packages in the Stable version. However, after running my server on Ubuntu for 2 years and switching to Debian afterwards, I can clearly feel the difference in the stability of the system.

Debian is smoother and I encounter fewer issues with it. But I dislike the splitting of Debian into Stable, Testing, Unstable and Experimental versions. It is always annoying to play with the sources.list or preferences to select the version I want. (Gentoo was easier in that sense… but way too time-consuming.)

Anyway, there is no secret. Stability often means intensively tested, meaning you may have “outdated” versions if you only use the Stable repository. I’m now used to installing the Stable version first and, only if I want to have a specific piece of software updated, using the backports or testing repositories to install it. I actually don’t need to have the latest PHP or MySQL version if the new features are not essential for me. But for applications like Deluge-torrent, etc., I do want a more recent version if possible, to enjoy the latest GUI, performance and other improvements.

That is why Debian has started to be my favorite distribution for servers, and I strongly advise you to use it too, as it is actually not more difficult than Ubuntu.


How to choose a good password

And the top 10 passwords are ……:

[Image: worst passwords of 2013]

If you are using any of these passwords, you MUST change it as soon as possible to a robust one.

By robust, I mean:

Difficult to bruteforce (trying all the possible combinations with significant processing power, like doing aaa, aab, aac, aad; easy to do with current technology…)

Difficult to guess (if your first 3 letters are oba, most probably the next 2 will be ma… obama. This can be done based on statistics and using words from dictionaries… alias Entropy)


Do not:

  • Write down your password on a piece of paper and post it on your computer (too many people and enterprises are still doing it…).
  • Use the same password across multiple services. If one service is compromised, you could lose all the other accounts!
  • Share your password with anyone else. You may trust your friends, colleagues and family, but they may not have as good practices as (hopefully) you have to keep it secret.
  • Send your password to your email provider or any other service that requests it for double checking, to repair something, or for any other reason. Do not share it! Most probably it is just spam or a scam. Professional providers will NEVER ask you for your password.


Do not use:

  • Names:
    • of yourself, including nicknames or login name (Even in reverse order or whatever order);
    • of your relatives;
    • of fictional characters or popular movies (Lord of the Rings, Star Trek, …);
    • of any place or proper noun;
  • Numbers, including:
    • your phone number;
    • your social security number;
    • anyone’s birthday;
    • your driver’s licence number or licence plate;
    • your room number or address;
    • any common number like 3.1415926;
    • any mathematical series such as 1234 or 2468, etc…(Computer will be better than you at this game)
  • Any word in any dictionary in any language in any form including slang, obscenity, or even technical jargon.
  • Any common phrases such as “Thanks God, it’s Friday” or “So far so good”, etc.;
  • Simple patterns, including:
    • passwords of all the same letter;
    • simple keyboard patterns (qwerty, asdfjkl).
  • Any information about you that is easily obtainable:
    • favorite color;
    • favorite rock group.
  • Any object that is in your field of vision at your workstation.
  • Any password that you have used in the past.


Do:

  • Change your password frequently (every 3 to 6 months).
  • Use both UPPER and lower case letters.
  • Use numbers, letters and special symbols (!@#$%^&*).
  • Create simple mnemonics (memory aids) to help you remember your password:
    • “Ial 4g miPA$$.” for “I always forget my password.” (14 characters with UPPER and lower case, both letters and numbers, with special symbols, including spaces)
    • “HmPwaCciaCccP?” for “How many passwords would a cracker crack if a cracker could crack passwords?” (From MIT example)
  • Use misspelled words (Whut ru tolqing Abut?).
  • Use a minimum of eight characters. Some even recommend at least 15 characters. Anyway, in most cases, the longer the better.
  • You could use your own standard rule to change your password only a little bit for each different service:
    • “Ial 4g miPA$$.” could become “Ial 4g-GO miPA$$.” for a Google account and “Ial 4g-AM miPA$$.” for an Amazon account.

Some people recommend using Password Wallets to avoid having to remember several passwords for different services. It’s basically a small piece of software installed on your computer or smartphone that will keep a record of all your passwords and will be protected by a super strong password (the only one to remember).

I’m not a big fan of this software, as protecting your own computer against any hack might not be an easy job, and you need to really trust this software to put all your eggs in the same basket…

Actually, for non-critical passwords, it might even be safer to write them down on a small piece of paper and keep it in your wallet, as most attacks will come from the internet or from someone having physical access to your computer.

The best will always be to keep it in your head. And if you forget it, just reset it.

If you want to see what a robust password could look like, I recommend this Strong Password Generator. However, it may be risky to use it, as you cannot be sure whether this website keeps a record of all the generated passwords in its database. (Probably not, but now, as an informed user, you should doubt everything.)

And to see how secure your password would be, I recommend using this service. But here again, you cannot be sure whether the website keeps a record of what you enter.


And you, what are your tips to choose a good password?

Jitsi, promising alternative to Skype and Hangouts

If you are looking for an alternative to Skype or Hangouts that is easy to use, Open Source, well maintained, with promising features, focused on privacy and security, and with the ability to host most of it, well, I strongly recommend Jitsi!


“Jitsi (formerly SIP Communicator) is an audio/video and chat communicator that supports protocols such as SIP, XMPP/Jabber, AIM/ICQ, Windows Live, Yahoo! and many other useful features” such as:

  • Desktop sharing
  • Audio & Video conference call
  • Call recording
  • Call & OTR encryption

Jitsi is Open Source / Free Software, and is available under the terms of the LGPL.

Already multi-platform (Windows, Mac OS, Linux, Android, …), it has several developments being carried out to improve its features even further, such as JitMeet, WebRTC JavaScript Application, and even an HTML5 interface that is about to start being developed.


You could actually host the XMPP server and their VideoBridge yourself (for multi-user video conference call bridge). But if you don’t want to do so, you could simply register to their XMPP at and start using it!

They actually presented their Jitsi Videobridge, JitMeet and the other components that they used to build the service at FOSDEM 2014.


Also, you could find a recent interview of Emil Ivov, CEO of BlueJimp, the company behind the Jitsi open source VoIP client, on Worth reading!

I’ve moved completely to Jitsi for my XMPP and SIP experience and I’m very happy with it. Obviously a lot of improvements can be made, but the good news is they are really working on it, and at a good speed!

Have you tried this service already? Or do you think you use a better alternative?
