Note: this wiki is no longer maintained. If you have any questions related to this wiki, please post them on the CrunchBang forums.

Translations of this page?:


SSH (Secure SHell) allows you to remotely access and control a computer, similar to Telnet but encrypted.


A SSH client should already be installed on your local machine, so you just need to install the server software on your remote machine.

sudo apt-get install openssh-server

For more information on installing applications, see here.

Now on the client machine you should be able to access the remote machine.

ssh user@user-server

Where 'user' is your login name for the server and 'user-server' is the name of the remote computer, basically what comes up on your bash prompt when you open a terminal, if a user name isn't supplied it will default to your current user name so 'ssh user-server' may also work.

Once you have supplied your login password then you should have access to the remote computer.


Will log out of the remote computer.

Make SSH secure

Now to secure SSH, at the moment your only protection is your login password.

The first step is to generate a public private key.

On your local computer:


this will create a public and private key, it will ask you if you want to add a password, whether you add one is up to you, some one will still need the key to access the remote machine, the password will add an extra layer of protection if somebody does get hold of the key.

scp ~/.ssh/ user@user-server:~/

This will copy the public key over to the remote machine.

Now you need to log in to your remote machine:

ssh user@user-server

Then to add the key to the correct file:

cat ~/ >> ~/.ssh/authorized_keys 

You don't need this copy of the key any more so you can delete it:

rm ~/

(note you could scp the key straight over to ~/.ssh/authorized_keys, but this way ensures you don't over write any existing keys.)

Now to modify the config file, while still logged into the remote computer:

sudo nano /etc/ssh/sshd_config 

(note don't user a GUI text editor for this, any terminal text editor is fine though.)

and modify these two lines:

RSAAuthentication yes
PubkeyAuthentication yes

they enable key authentication.

Now to remove the login password, so that you only require the key, and any password that requires.

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

As an extra security measure you can specify who is allowed to login by changing this line:

AllowUsers username

then save and exit.

Now to reload the config file.

/etc/init.d/ssh reload

Your settings should now be in effect, and you can logout of the remote machine.


What now ?

SSH allows you to do a variety of things, heres a few


howto/ssh.txt · Last modified: 2012/05/24 08:24 by machinebacon
Except where otherwise noted, content on this wiki is licensed under the following license:CC Attribution-Share Alike 3.0 Unported

Powered by DokuWiki. Hosted by Linode.
Copyright © 2010 CrunchBang Linux.
Proudly powered by Debian GNU/Linux.
Debian is a registered trademark of Software in the Public Interest, Inc.