If you are using a Linux VPS, you are connecting to it via the SSH protocol. If you have created a new user and want to allow SSH access for that user, you will have to complete a few simple steps.

On the other hand, if you have just created your own server and SSH is not enabled yet, that is also easy to do.

Install OpenSSH Server

  • If SSH is not installed on your server, install the openssh-server package. On Ubuntu, run this command (you need to be root or use sudo):
    apt install openssh-server -y
    

Configure your client

  • On your client, install openssh-client and look for a .ssh/ folder in your home directory. If it doesn’t exist, create it and change its permissions so that only the owner can access the folder.
    mkdir ~/.ssh
    chmod 700 ~/.ssh
    
  • Run the ssh-keygen command to create the private and public keys, and accept the default values by pressing the Enter key (you can set a passphrase for the private key if you want).
    # You can omit '-t rsa' on most systems
    $ ssh-keygen -t rsa
    Generating public/private rsa key pair.
    Enter file in which to save the key (/home/user/.ssh/id_rsa): 
    Enter passphrase (empty for no passphrase): 
    Enter same passphrase again: 
    Your identification has been saved in /home/user/.ssh/id_rsa
    Your public key has been saved in /home/user/.ssh/id_rsa.pub
    ...
    
    • If you lose your public key, you can regenerate it:
      ssh-keygen -y -f my-private-key.pem > my-public-key.pub
      
    • You can also specify an output directory and filename with -f:
      ssh-keygen -f /home/ricardo/ssh-keys/id_rsa
      
  • Run this command to copy the public key to the server.
    ssh-copy-id -i ~/.ssh/id_rsa.pub <USER>@<SERVER_IP>
    
  • Now you can save your private key file in a secure place.
  • Check SSH config file: /etc/ssh/sshd_config.
    • It’s good practice to change the SSH port (Port 22).
    • PasswordAuthentication no disallows connecting to the server without a private key (check that you can connect with the private key before restarting SSH).
    • PermitRootLogin no prevents the root user from connecting through SSH.
  • If you have made changes to this file, restart SSH by running one of these commands as root:
    systemctl restart ssh
    # or
    systemctl reload ssh
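
The sshd_config checks described above, as an added example that is not part of the original page: a shell function that reports whether PasswordAuthentication, PermitRootLogin and Port are set as recommended, taking into account that sshd uses the first value it reads for each keyword. The function names, the sample file and the port 2222 are constructed for illustration, and the script assumes a single file without Include directives.

```shell
#!/bin/sh
# Added example (not from the original page). sshd keeps the FIRST value it
# reads for a keyword, keywords are case-insensitive, and lines after a
# "Match" line apply only conditionally. Include files are not followed here.

# Print the global value of keyword $1 in file $2, or the default $3.
sshd_value() {
    awk -v key="$1" -v def="$3" '
        /^[ \t]*#/ { next }                  # skip comment lines
        tolower($1) == "match" { exit }      # end of the global section
        tolower($1) == tolower(key) { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$2"
}

# Print one line per weak setting; return 1 if any was found.
# Defaults passed below are OpenSSH's built-in ones.
audit_sshd_config() {
    rc=0
    [ "$(sshd_value PasswordAuthentication "$1" yes)" = no ] ||
        { echo "PasswordAuthentication is not 'no'"; rc=1; }
    [ "$(sshd_value PermitRootLogin "$1" prohibit-password)" = no ] ||
        { echo "PermitRootLogin is not 'no'"; rc=1; }
    [ "$(sshd_value Port "$1" 22)" != 22 ] ||
        { echo "Port is still the default 22"; rc=1; }
    return "$rc"
}

# Constructed sample file: the second PasswordAuthentication line is ignored
# because the earlier "yes" wins; the Match block is not a global setting.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Port 2222
passwordauthentication yes
PermitRootLogin no
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
EOF
audit_sshd_config "$SAMPLE" || echo "Fix the settings above before restarting ssh"
```

On a real server, `sshd -t` checks the file for syntax errors and `sshd -T` prints the effective configuration, including Include files, so both are worth running before the restart.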
    

More settings inside /etc/ssh/sshd_config

  • Set X11Forwarding yes to allow X11 forwarding.
  • You may need to set X11UseLocalhost no to allow remote X11 forwarding.