Setup SSHD Server and SSH Client on Linux

7 September 2021 15:13

Sometimes you need to connect via SSH to your home or work PC to configure it.

Installation plan

  1. Install SSHD on a production Ubuntu Linux server.
  2. Configure SSHD on the server. Instead of the default TCP port 22 for the SSH service, in this example we will use port 22334.
  3. The SSHD server must be up and running constantly. Allow the SSHD service to start.
  4. The local UFW firewall must be configured to allow external access to port 22334/TCP.
  5. If you plan to connect from the Internet, you must forward from the WAN port of the router, port 22334, to the IP address of the computer on the local network.
  6. Install SSH on the MX Linux client (Debian 11 "Buster" or Debian 12 "Bookworm").
  7. Connect via SSH from the client to the server.

At the end of the article I touched on X11-forwarding.

Step 1. Install SSHD on the server

Installing SSHD on Ubuntu Linux - the parameters of the apt-get command specify the name of the ssh meta package:

sudo apt-get install ssh

This command installs the openssh-client and openssh-server packages at the same time.

Step 2. Setting up an SSHD server

Setting up SSHD on the computer to which we connect externally.
First I make a backup copy, i.e. I set aside the original SSHD configuration file:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.COPY

Edit the configuration file according to the instructions, taking into account that login will be carried out using a password.

I fixed it using the "nano" editor:

sudo nano /etc/ssh/sshd_config

My sshd_config file is quoted below (you can copy and paste it):

cat /etc/ssh/sshd_config | grep -v \#

Include /etc/ssh/sshd_config.d/*.conf
Port 22334
AddressFamily inet
ListenAddress 0.0.0.0
PermitRootLogin no
MaxAuthTries 6
MaxSessions 1
PasswordAuthentication yes
PermitEmptyPasswords no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
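
The config above begins with an Include line, and sshd keeps the first value it reads for a single-valued keyword, so a file in /etc/ssh/sshd_config.d/ can silently override the settings that follow. The script below is an added example, not part of the original article: it reports which file decides each setting, using a constructed drop-in (the name 60-example.conf and the function names are assumptions) and an excerpt of the config above.

```shell
#!/bin/sh
# Added example (not from the original article). sshd keeps the FIRST value it
# reads for a single-valued keyword, and the config above starts with Include,
# so files in sshd_config.d are read before the settings that follow.

# effective_value KEYWORD FILE...  (files in the order sshd reads them)
# Prints "value<TAB>file" for the first global (non-Match) occurrence.
effective_value() {
    kw=$1; shift
    awk -v kw="$kw" '
        FNR == 1 { in_match = 0 }                    # a Match block ends at end of file
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        tolower($1) == "match" { in_match = 1; next }
        in_match { next }                            # conditional, not global
        tolower($1) == tolower(kw) {                 # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, "")
            print $0 "\t" FILENAME; exit
        }' "$@"
}

# Constructed sample: a hypothetical drop-in plus an excerpt of the config above.
make_sample() {
    dir=$(mktemp -d)
    mkdir "$dir/sshd_config.d"
    printf '%s\n' '# constructed drop-in' 'PermitRootLogin yes' \
        > "$dir/sshd_config.d/60-example.conf"
    printf '%s\n' 'Include /etc/ssh/sshd_config.d/*.conf' 'Port 22334' \
        'PermitRootLogin no' 'MaxAuthTries 6' 'PasswordAuthentication yes' \
        'PermitEmptyPasswords no' 'X11Forwarding yes' > "$dir/sshd_config"
    echo "$dir"
}

# Report which file decides each single-valued setting used in the article.
audit() {
    dir=$1
    for kw in PermitRootLogin PasswordAuthentication X11Forwarding MaxAuthTries; do
        res=$(effective_value "$kw" "$dir"/sshd_config.d/*.conf "$dir/sshd_config")
        printf '%-24s %s\n' "$kw" "${res:-(not set)}"
    done
}

sample=$(make_sample)
audit "$sample"      # PermitRootLogin resolves to "yes" from the drop-in
rm -rf "$sample"
```

On a real server, `sudo sshd -T` prints the configuration sshd actually resolved, and `sudo sshd -t` checks the file for errors before the service is restarted.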

Step 3: Configuring the SSHD Service to Start on Ubuntu Server

The SSHD service is used on the server for remote administration of the server and for connecting to it from the outside.

Allow the SSHD service to start whenever the operating system boots, using the service name ssh.service:

sudo systemctl enable ssh

Restart the sshd daemon to apply the changes to the configuration file on the server (host PC):

sudo systemctl restart ssh

There is one service name: ssh. The name sshd is an alias. If you address the ssh service by name with sudo systemctl enable sshd.service, the command will not work (error "Failed to restart sshd.service: Unit sshd.service not found."), because the main service is called ssh.service and its alias is sshd.service. Conclusion: the service name ssh is used to manage the sshd service. The commands sudo systemctl restart ssh and sudo systemctl restart sshd do the same thing, but the first one is preferable.

Step 4: Configure the local UFW firewall

Start ufw and enable it to start after reboot with one command:

sudo systemctl enable --now ufw

Check:

sudo systemctl status ufw

To open the "secret" port 22334 of the sshd server on the firewall, I ran a command that adds an allow rule:

sudo ufw allow 22334

View ufw firewall rules:

sudo ufw show added

Step 5. Port forwarding

Since I tested the task inside the local network, I skip this point. Anyone can configure forwarding of the "secret" SSH port on an Internet router on their own. If a VPN tunnel is used, port forwarding is obviously not necessary.

Step 6. Install ssh on a netbook running MX Linux (Debian)

On Debian, the ssh installation command is slightly different than on Ubuntu:

sudo apt-get install ssh

Step 7. Connect to the SSH server from the client

If the server has a static "white" IP address, connecting to it from the client is performed with the command

ssh user@123.45.67.8 -p 22334

where user is the user login that must exist on the server,
123.45.67.8 - server IP address,
22334 - SSH port.

When you connect for the first time, there will be a message about trusting the server; answer "yes" from the keyboard.
Then enter the password for your user account, and you will be taken to the server console (terminal session).

If the server key/certificate has changed (for example, the OS has been reinstalled), the message "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED" will appear and the connection will not be established. If you are sure that everything is in order with the machine and the server has simply been reinstalled, remove the old server certificate fingerprint on the client with the command given in the message, for example:

ssh-keygen -f "/home/user/.ssh/known_hosts" -R "[123.45.67.8]:22334"

Bottom line

Setup is complete. Login to the remote server via SSH works.

Next steps

If you plan to connect to the server frequently from the same machine, then instead of password protection you can configure a connection to the SSH server using certificates generated by the "ssh-keygen" program, as described in the article on itproffi.ru.

Solving the problem with X11 Forwarding

(Addendum dated November 15, 2023).
After following the instructions, I gained access to the server in ssh text mode, but it was not possible to work from the client terminal in X11 forwarding mode (ssh -X ...): when running graphical server applications on the client, for example when launching xclock from an ssh session, an error occurred: "connect localhost port 6000: Connection refused. Error: Can't open display: localhost:10.0". This problem is not solved in any way in the client terminal. I got it working like this:

On the client:

sudo apt install putty

Then -
Start - Internet - Putty SSH Client

"Configuration" - Connection - SSH - Enable compression
"Configuration" - Connection - SSH - X11 - Enable X11 forwarding
"Configuration" - "Session" - entered the IP address and port of the server
"Configuration" - "Session" - Saved Sessions - My - Save

  • selected My
  • pressed "Open"
  • entered username and password
  • got into the server session
  • check: echo $DISPLAY should print localhost:10.0. (If it does not, run export DISPLAY=:10.0)
    *xclock or `
  • xclock started on the client screen (running on the server)! Hurray!
    sudo apt install xsysinfo
    xsysinfo - information about the server core load in real time.
