On Debian 11 it is possible to remotely connect to the machine to execute commands. In this procedure I will show you how to connect remotely to a Debian 11 machine using the SSH (Secure Shell) protocol. SSH is the little brother of Telnet, it works mostly the same way except that SSH uses an encryption system between machines. The encryption system allows to hide the communications between the two machines.
Prerequisite:
- A machine on Debian 11
- A client machine that will be used to connect remotely
Installing SSH on Debian 11:
Before installing SSH on your machine, make sure it is up to date:
sudo apt update && sudo apt upgrade -y
Then you have to install the openssh-server package:
sudo apt install openssh-server
Then we activate and start the SSH service:
sudo systemctl enable ssh
sudo systemctl start ssh
Finally, from another machine (regardless of its operating system) with a terminal you can connect to the machine with this command:
ssh user@ip-address
Allow the connection with the root user:
Beware the ssh connection with the root user account is by default disabled.
I don’t recommend to enable it, but if you need it, you should edit the SSH server configuration file:
# with Nano
sudo nano /etc/ssh/sshd_config
# or with Vim
sudo vim /etc/ssh/sshd_config
Then remove the comment before “PermitRootLogin” and change the default value to yes:
PermitRootLogin yes
Then restart the SSH service:
sudo systemctl restart ssh
Login without passwords (Secure with public key):
Connecting in SSH is very convenient but each time we have to enter the password can quickly make us lose a lot of time. It is possible to connect in SSH without password with a public key.
Enable public key authentication:
To enable authentication with a public key in SSH, you need to edit the SSH server configuration file:
# with Nano
sudo nano /etc/ssh/sshd_config
# or with Vim
sudo vim /etc/ssh/sshd_config
Then you have to modify the PubkeyAuthentication line, removing the comment and setting the value to: yes
PubkeyAuthentication yes
Then restart the SSH service:
sudo systemctl restart ssh
Generation of the key pair:
To generate the public key, from the machine that is going to connect to the server, you have to enter a command in a terminal that will generate the key pair.
The command will ask you if you want to rename the file that will contain the key, but this is optional.
It will also ask you if you want to add a passphrase which is also optional.
ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/aymeric/.ssh/id_rsa):
Created directory '/home/aymeric/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/aymeric/.ssh/id_rsa
Your public key has been saved in /home/aymeric/.ssh/id_rsa.pub
The key fingerprint is:
SHA256: **********
Sending the key pair to the server:
To be able to connect to the server without a login, you need to send it a key, to do this you use the following command:
ssh-copy-id user@ip-address
It is now possible to connect to the machine without a password with the command :
ssh user@ip-address
This operation can be done from several clients, on the server it will add several lines in the file ~/.ssh/authorized_keys on the server. Each line will correspond to a key of a client.
Transferring files with SSH :
Once the SSH server is started, it is possible to transfer files either in SCP or in SFTP. SFTP is more interactive (e.g.: possibility to create/delete folders …) than SCP but both allow to transfer files. Both are usable in command line or with a graphic interface.
SFTP :
The command line :
On the command line, to connect you must use this command:
sftp user@ip-address
Here is a list of important commands for using SFTP from the command line:
ls : show folders/files
mkdir : create a folder
cd : go to a folder ("cd .." to go up from a folder)
pwd : show current location
get : download a file
put : send a file
exit : Quit SFTP connexion
Graphical interface:
For each of these softwares, you will just have to connect to the server with your accesses and choose the SFTP protocol, then you will have access to a file explorer which will allow you to transfer your files.
SCP :
The command line :
Here is how to use SCP from the command line:
scp local-path user@ip-adrdress:server-path
Graphical interface:
There are several software to perform PCS with a graphical interface, I recommend :
For the software that allows to propose a SCP connection, you just have to fill in your connection information and then choose the SCP protocol. Once connected, you will have a file explorer that will allow you to manage the file transfer from your client machine and your server machine.
Sources:
https://wiki.debian.org/fr/SSH