NR
>_

ssh basic

SSH Basics.

When managing a Linux system, the first thing I usually do is set up SSH. In most cases, especially on a freshly installed Ubuntu server in the cloud, SSH is already installed. If not, we can easily install it manually.

✅ Install SSH Server

On our Ubuntu server terminal, run:

sudo apt install openssh-server

The configuration file is usually located at:

/etc/ssh/sshd_config

After installation, we can start (or restart) the SSH service using:

sudo systemctl restart ssh

And we’re done — the SSH server should now be running.

✅ SSH Client

On our client machine (PC or laptop), we can connect to the server with:

ssh username@hostname
  • username is the name of the user account on the server.
  • hostname can be the IP address, a local hostname, or a domain name pointing to the server.

✅ SSH Keys (Key-Based Authentication)

SSH keys allow us to authenticate to the server without using a password. This is a best practice, as it helps prevent password leaks and brute-force attacks.

🔑 Generate SSH Key Pair (on Client)

ssh-keygen -t ed25519

Some tutorials use rsa, but here we use ED25519, which is based on Elliptic Curve Cryptography. It’s faster and more secure.

🔐 Copy SSH Key to Server

You can transfer your public key to the server with:

ssh-copy-id username@hostname

After that, try logging in again with:

ssh username@hostname

If everything is set up correctly, you shouldn’t be prompted for the server user password.

⚠️ Note: If you used a passphrase during key generation, you will be prompted for it. This passphrase protects your private key, not the server login, so it’s still safe and secure.

✅ SSH Alias (for Convenience)

Instead of typing ssh username@hostname every time, we can create a short alias:

ssh myserver01

To set this up, configure the SSH client.

🔧 Configure SSH Client

In your local system, create or edit the SSH config file:

vim ~/.ssh/config

Add the following block:

Host myserver01
    Hostname 192.168.1.10
    User myuser
    IdentityFile ~/.ssh/id_ed25519
  • Host is the alias (e.g., myserver01)
  • Hostname is the server’s IP or domain
  • User is the username on the server
  • IdentityFile is the path to your SSH private key Now you can just run:
ssh myserver01

And connect automatically.

✅ Disable SSH Password Login (for Extra Security)

Once you’ve confirmed that SSH key authentication works and you can connect using your alias. You can now disable password login entirely on the server. This helps prevent brute-force or credential-stuffing attacks.

🔒 Steps:

On the Ubuntu server, open the SSH config file

sudo vim /etc/ssh/sshd_config

Find and update or add the following lines

PasswordAuthentication no
PubkeyAuthentication yes

(Optional) for extra hardening

ChallengeResponseAuthentication no
UsePAM no

Save and exit.

Then restart the SSH service

sudo systemctl restart ssh

⚠️ Important:

Make sure your SSH key-based login works first before disabling password auth , otherwise, you might lock yourself out! Now your server only accepts key-based authentication, making it much harder to break into.

✅ Final Thoughts

Using SSH keys and aliases improves both security and convenience when managing servers.

[ ← previous ] Using MDX
[ next → ] Rsync vs. mv: Lessons from a Broken File Transfer

~/ $ ls -la contacts/

CONNECT

.rw-r--r-- github github.com/nurbxfit
.rw-r--r-- linkedin linkedin.com/in/nurfitri
.rw-r--r-- email me@nurbxfit.com
© 2026 NURBXFIT [ system online ]