How to install OpenSSH server on Debian Linux 12/11/10/9

See all Debian/Ubuntu Linux related FAQ
How do I install OpenSSH sshd server under Debian GNU/Linux operating systems version 12/11/10/9/8?

You need to use the apt-get command/apt command or aptitude command command to install OpenSSH server under Debian Linux. This quick tutorial explains how to install OpenSSH (SSHD) server on a Debian Linux version 8/9/10/11 using the CLI.
Tutorial details
Difficulty level Easy
Root privileges Yes
Requirements Linux terminal
Category Package Manager
Prerequisites Debian Linux
OS compatibility Debian Mint Pop!_OS Ubuntu
Est. reading time 2 minutes

How to install OpenSSH SSHD server on a Debian Linux

First, open a terminal application and then type the following command to update package database as the root user:
# apt-get update

Installing OpenSSH server Under Debian Linux

Type the following apt-get command or apt command:
# apt-get install openssh-server
Here is what I see:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Suggested packages:
  ssh-askpass rssh molly-guard ufw
The following NEW packages will be installed:
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 318 kB of archives.
After this operation, 717 kB of additional disk space will be used.
Get:1 squeeze/main openssh-server amd64 1:5.5p1-6+squeeze1 [318 kB]
Fetched 318 kB in 3s (89.0 kB/s)         
Preconfiguring packages ...
Selecting previously deselected package openssh-server.
(Reading database ... 153448 files and directories currently installed.)
Unpacking openssh-server (from .../openssh-server_1%3a5.5p1-6+squeeze1_amd64.deb) ...
Processing triggers for man-db ...
Setting up openssh-server (1:5.5p1-6+squeeze1) ...
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ...
Restarting OpenBSD Secure Shell server: sshd.

By default openssh will run on the TCP port 22. You can verify the same with the combination of grep command and ss command/netstat command:
# netstat -tulpn | grep :22
Sample outputs:

tcp        0      0    *               LISTEN      3946/sshd       
tcp6       0      0 :::22                   :::*                    LISTEN      3946/sshd     

Testing ssh connections

You can connect to the Openssh server using the ssh command:
$ ssh user-name@server-ip-here
$ ssh ec2-user@debian-11-aws-ec2-server

How Do I Start / Stop / Restart OpenSSH Server Under Debian Linux?

Type the following commands as root user:
# service ssh stop
# service ssh start
# service ssh restart
# service ssh status

# /etc/init.d/ssh stop
# /etc/init.d/ssh start
# /etc/init.d/ssh restart
# /etc/init.d/ssh status

Fig.01: OpenSSH under Debian Linux

Click to enlarge the image

Restarting OpenSSH server under Debian Linux 10 or 11

Latest version of Debian Linux comes with systemd. Hence, use the systemctl command to start/stop or restart the service:
# systemctl start ssh
# systemctl stop ssh
# systemctl restart ssh
# systemctl status ssh

How to enable and install OpenSSH server on Debian Linux

How Do I Open Port 22 At The Firewall Level?

Edit your firewall script and append the following rule to restrict access to
# /sbin/iptables -A INPUT -s -m state --state NEW -p tcp --dport 22 -j ACCEPT
Save and close the file. OR, you can type the command as follows and save it to your firewall config file:
# /sbin/iptables -A INPUT -s -m state --state NEW -p tcp --dport 22 -j ACCEPT
# iptables-save > /path/to/your.firewall.conf

How Do I Configure and Secure OpenSSH Server under Debian Linux?

You need to edit the /etc/ssh/sshd_config file using the text editor such as vi, run:
# vi /etc/ssh/sshd_config
See this article which explains config option to tweak in order to improve OpenSSH server security.

Summing up

And that is all for now. You learned how to install, configure and enable OpenSSH server on Debian Linux version 8/9/10/11 using the terminal. For more info use the man command or help command to read the following manual pages:\

man sshd_config
man apt-get
man apt
This entry is 8 of 23 in the Linux/Unix OpenSSH Tutorial series. Keep reading the rest of the series:
  1. Top 20 OpenSSH Server Best Security Practices
  2. How To Set up SSH Keys on a Linux / Unix System
  3. OpenSSH Config File Examples For Linux / Unix Users
  4. Audit SSH server and client config on Linux/Unix
  5. How to install and upgrade OpenSSH server on FreeBSD
  6. Ubuntu Linux install OpenSSH server
  7. Install OpenSSH server on Alpine Linux (including Docker)
  8. Debian Linux Install OpenSSH SSHD Server
  9. Configure OpenSSH To Listen On an IPv6 Address
  10. OpenSSH Server connection drops out after few minutes of inactivity
  11. Display banner/message before OpenSSH authentication
  12. Force OpenSSH (sshd) to listen on selected multiple IP address only
  13. OpenSSH Change a Passphrase With ssh-keygen command
  14. Reuse SSH Connection To Speed Up Remote Login Process Using Multiplexing
  15. Check Syntax Errors before Restarting SSHD Server
  16. Change the ssh port on Linux or Unix server
  17. OpenSSH Deny or Restrict Access To Users and Groups
  18. Linux OpenSSH server deny root user access / log in
  19. Disable ssh password login on Linux to increase security
  20. SSH ProxyCommand example: Going through one host to reach server
  21. OpenSSH Multiplexer To Speed Up OpenSSH Connections
  22. Install / Append SSH Key In A Remote Linux / UNIX Servers Authorized_keys
  23. Use ssh-copy-id with an OpenSSH Server Listening On a Different Port

🥺 Was this helpful? Please add a comment to show your appreciation or feedback.

nixCrat Tux Pixel Penguin
Hi! 🤠
I'm Vivek Gite, and I write about Linux, macOS, Unix, IT, programming, infosec, and open source. Subscribe to my RSS feed or email newsletter for updates.

3 comments… add one
  • Peter Teoh Jul 4, 2012 @ 0:23

    I had setup as above, but localhost connect or remote I will get the same error:

    Read from socket failed: Connection reset by peer

    and in verbose mode it is:

    bt:/root>ssh -vvvv root@localhost
    OpenSSH_5.3p1 Debian-3ubuntu6, OpenSSL 0.9.8k 25 Mar 2009
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug2: ssh_connect: needpriv 0
    debug1: Connecting to localhost [::1] port 22.
    debug1: Connection established.
    debug1: permanently_set_uid: 0/0
    debug1: identity file /root/.ssh/identity type -1
    debug1: identity file /root/.ssh/id_rsa type -1
    debug1: identity file /root/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.3p1 Debian-3ubuntu6
    debug1: match: OpenSSH_5.3p1 Debian-3ubuntu6 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.3p1 Debian-3ubuntu6
    debug2: fd 3 setting O_NONBLOCK
    debug1: SSH2_MSG_KEXINIT sent
    debug3: Wrote 792 bytes for a total of 831
    Read from socket failed: Connection reset by peer


  • Kay Oct 3, 2012 @ 11:25

    @ Peter Teoh

    Look at the line : debug1: Connecting to localhost [::1] port 22.

    You will need to edit /etc/ssh/sshd_config amend the line;




    Save, Stop, Start the SSHD service

  • Adam Jan 1, 2015 @ 16:35

    Hello there,
    I can’t find my sshd in /etc/init.d/sshd
    but I do have the config file in /etc/ssh/ssh_config

    When I try and start it I get an error command not found
    tried both service (sshd, ssh) start
    also tried service sshd start
    I get an error command not found, any ideas thank you.

    P.S for this website, I don’t know why almost all websites have these google apps loading forever they never load they keep going around in circles and that drains the resources of our pc’s after a while, this is ridiculous nothing from Google works anymore.
    It is really winding me up
    You can leave it for hours it never loads I thought I’d mention it.

Leave a Reply

Your email address will not be published. Required fields are marked *

Use HTML <pre>...</pre> for code samples. Your comment will appear only after approval by the site admin.