Install/Enable SSH on Debian 11 Bullseye

SSH or known by its full name Secure Shell Protocol, is a cryptographic network communication protocol that enables two computers to communicate securely over an unsecured network. SSH is highly used for remote login applications and command-line executables such as terminal applications.

For users wishing to connect to servers or other computers with SSH, the client and the remote connection need to both have SSH installed and enabled for this to be possible.

In the following tutorial, you will learn how to install and enable SSH on Debian 11 Bullseye Desktop or Server and connect to a remote PC.

Prerequisites

• Recommended OS: Debian 11 Bullseye
• User account: A user account with sudo or root access.

The tutorial will utilize the terminal for the installation found in Activities > Show Applications > Terminal.

Example:

Update Operating System

Update your Debian operating system to make sure all existing packages are up to date:

sudo apt update && sudo apt upgrade -y

The tutorial will be using the sudo command and assuming you have sudo status.

To verify sudo status on your account:

sudo whoami

Example output showing sudo status:

[joshua@debian~]$ sudo whoami
root

To set up an existing or new sudo account, visit our tutorial on Adding a User to Sudoers on Debian.

Installing SSH (OpenSSH)

SSH may be already present on your system depending on the Debian installation selections chosen on the initial distro installation, but for those that are unsure or need to install using the following step.

First, run the following command in your terminal to begin the installation.

sudo apt install open-ssh

Example output:

Type Y, then press the ENTER KEY to proceed.

Once installed, enable SSH using the following command.

sudo systemctl enable --now ssh

Next, check the status of the SSH instance to make sure it is running and no errors have occurred.

systemctl status ssh

Example output:

Another handy trick is to use the following command to see open connections.

ss -lt

Example output:

Connecting to SSH Server

With SSH now installed and enabled, you can connect to a remote system, another remote PC, or a server.

Remember, the SSH software must be enabled on both ends for this to work.

First, you will need to have the internal/external IP address or the hostname and preferably the username of the account connecting too, then use the ssh command to begin the connection.

ssh username@ip-address/hostname

When you connect to the remote SSH instance for the first time, you will receive the following message.

Example:

Type YES, then you will be prompted to enter your password; once done, press the ENTER KEY.

Example output (Connecting to Fedora 35 Remote PC):

As above, you have entered your password and successfully connected as instead of joshua@debian-11, we now see joshua@fedora-35 since your terminal window is logged in to the remote session.

Do note you will see when the last login was along with failed attempts demonstrated above. If you see lots of these, it means brute-force attacks are occurring, and you should look at stricter firewall rules or use something like fail2ban.

Disabling SSH (OpenSSH)

For instances where you do not need SSH running, you should always have this disabled for security purposes. Many malicious bots scan the internet for SSH instances and brute force them if they are not secure.

To disable SSH, use the following command.

sudo systemctl disable ssh --now

When you need to have SSH re-enabled, use the following command.

sudo systemctl enable ssh --now

Comments and Conclusion

In the tutorial, you have learned how to install and enable SSH (OpenSSH) on Debian 11 Bullseye.

Overall, SSH is the go-to protocol compared to using other similar services such as TELNET which is not secure. However, ensure your firewalls are activated when using SSH over an open-unsecured network.