Nick Cook

This tutorial focuses on setting up and configuring a SSH server on a Debian 10 minimal server

SSH, for Secure Shell, is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet. SSH architectures typically includes a SSH server that is used by SSH clients to connect to the remote machine.

As a system administrator, it is very likely that you are using SSH on a daily basis to connect to remote machines across your network.

As a consequence, when new hosts are onboarded to your infrastructure, you may have to configure them to install and enable SSH on them.

In this tutorial, we are going to see how you can install and enable SSH, via OpenSSH, on a Debian 10 distributions.

Prerequisites

In order to install a SSH server on Debian 10, you will need to have sudo privileges on your host.

To check whether you have sudo privileges or not, run the following command

$ sudo -l

If you are seeing the following entries on your terminal, it means that you have elevated privileges

By default, the ssh utility should be installed on your host, even on minimal configurations.

In order to check the version of your SSH utility, you can run the following command

$ ssh -V

As you can see, I am running OpenSSH v7.9 with OpenSSL v1.1.1.

Note that it does not mean that SSH servers are installed on my host, it just means that I may able to connect to remote machines as a client using the SSH utility.

It also means that specific utilities related to the SSH protocol (such as scp for example) or related to FTP servers (such as sftp) will be available on my host.

• How To Install and Enable SSH Server on Ubuntu 20.04
• How To Clone a Git Repository | Clone a Git Repository with Command Line & Sourcetree
• How To Manage Root Account on Ubuntu 20.04

Installing OpenSSH Server on Debian 10

First of all, make sure that your packages are up to date by running an update command

$ sudo apt-get update

In order to install a SSH server on Debian 10, run the following command

$ sudo apt-get install openssh-server

The command should run a complete installation process and it should set up all the necessary files for your SSH server.

If the installation was successful, you should now have a sshd service installed on your host.

To check your newly installed service, run the following command

$ sudo systemctl status sshd

By default, your SSH server is going to run on port 22.

This is the default port assigned for SSH communications. You can check if this is the case on your host by running the following netstat command

$ netstat -tulpn | grep 22

Great! Your SSH server is now up and running on your Debian 10 host.

Enabling SSH traffic on your firewall settings

If you are using UFW as a default firewall on your Debian 10 system, it is likely that you need to allow SSH connections on your host.

To enable SSH connections on your host, run the following command

$ sudo ufw allow ssh

Enable SSH server on system boot

As you probably saw, your SSH server is now running as a service on your host.

It is also very likely that it is instructed to start at boot time.

To check whether your service is enable or not, you can run the following command

$ sudo systemctl list-unit-files | grep enabled | grep ssh

If no results are shown on your terminal, enable the service and run the command again

$ sudo systemctl enable ssh

Configuring your SSH server on Debian

Before giving access to users through SSH, it is important to have a set of secure settings to avoid being attacked, especially if your server is running as an online VPS.

As we already saw in the past, SSH attacks are pretty common but they can be avoided if we change default settings available.

By default, your SSH configuration files are located at /etc/ssh/

In this directory, you are going to find many different configuration files, but the most important ones are :

• ssh_config: defines SSH rules for clients. It means that it defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
• sshd_config: defines SSH rules for your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.

We are obviously going to modify the server-wide part of our SSH setup as we are interested in configuring and securing our OpenSSH server.

Changing SSH default port

The first step towards running a secure SSH server is to change the default assigned by the OpenSSH server.

Edit your sshd_config configuration file and look for the following line.

#Port 22

Make sure to change your port to one that is not reserved for other protocols. I will choose 2222 in this case.

When connecting to your host, if it not running on the default port, you are going to specify the SSH port yourself.

Please refer to the ‘Connecting to your SSH server’ section for further information.

Disabling Root Login on your SSH server

By default, root login is available on your SSH server.

It should obviously not be the case as it would be a complete disaster if hackers were to login as root on your server.

If by chance you disabled the root account in your Debian 10 installation, you can still configure your SSH server to refuse root login, in case you choose to re-enable your root login one day.

To disable root login on your SSH server, modify the following line

#PermitRootLogin

PermitRootLogin no

Configuring key-based SSH authentication

In SSH, there are two ways of connecting to your host : by using password authentication (what we are doing here), or having a set of SSH keys.

If you are curious about key-based SSH authentication on Debian 10, there is a tutorial available on the subject here.

Restarting your SSH server to apply changes

In order for the changes to be applied, restart your SSH service and make sure that it is correctly restarted

$ sudo systemctl restart sshd
$ sudo systemctl status sshd

Also, if you change the default port, make sure that the changes were correctly applied by running a simple netstat command

$ netstat -tulpn | grep 2222

Connecting to your SSH server

In order to connect to your SSH server, you are going to use the ssh command with the following syntax

$ ssh -p <port> <username>@<ip_address>

If you are connecting over a LAN network, make sure to get the local IP address of your machine with the following command

$ sudo ifconfig

For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command

$ ssh -p 2222 <user>@127.0.0.1

You will be asked to provide your password and to certify that the authenticity of the server is correct.

Exiting your SSH server

In order to exit from your SSH server on Debian 10, you can hit Ctrl + D or type ‘logout’ and your connection will be terminated.

Disabling your SSH server

In order to disable your SSH server on Debian 10, run the following command

$ sudo systemctl stop sshd
$ sudo systemctl status sshd

From there, your SSH server won’t be accessible anymore.

Troubleshooting

In some cases, you may run into many error messages when trying to setup a SSH server on Debian 10.

Here is the list of the common errors you might get during the setup.

Debian : SSH connection refused

Usually, you are getting this error because your firewall is not properly configured on Debian.

To solve “SSH connection refused” you have to double check your UFW firewall settings.

By default, Debian uses UFW as a default firewall, so you might want to check your firewall rules and see if SSH is correctly allowed.

$ sudo ufw status

Status: active
 
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere

If you are using iptables, you can also have a check at your current IP rules with the iptables command.

$ sudo iptables -L -n

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh

If the rule is not set for SSH, you can set by running the iptables command again.

$ sudo iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT

Debian : SSH access denied

Sometimes, you may be denied the access to your SSH server with this error message “SSH access denied” on Debian.

To solve this issue, it depends on the authentication method you are using.

SSH password access denied

If you are using the password method, double check your password and make sure you are entering it correctly.

Also, it is possible to configure SSH servers to allow only a specific subset of users : if this is the case, make sure you belong to that list.

Finally, if you want to log-in as root, make sure that you modified the “PermitRootLogin” option in your “sshd_config” file.

#PermitRootLogin

PermitRootLogin yes

SSH key access denied

If you are using SSH keys for your SSH authentication, you may need to double check that the key is correctly located in the “authorized_keys” file.

If you are not sure about how to do it, follow our guide about SSH key authentication on Debian 10.

Debian : Unable to locate package openssh-server

For this one, you have to make sure that you have set correctly your APT repositories.

Add the following entry to your sources.list file and update your packages.

$ sudo nano /etc/apt/sources.list

deb http://ftp.us.debian.org/debian wheezy main

$ sudo apt-get update

Conclusion

In this tutorial, you learnt how you can install and configure a SSH server on Debian 10 hosts.

You also learnt about basic configuration options that need to be applied in order to run a secure and robust SSH server over a LAN or over Internet.

If you are curious about Linux system administration, we have a ton of tutorials on the subject in a dedicated category.

Adding and deleting users is one of the most basic tasks when starting from a fresh Debian 10 server.

Adding user can be quite useful. As your host grows, you want to add new users, assign them special permissions, like sudo rights for example.

In this tutorial, we are going all the ways to add and delete users on Debian 10 hosts.

Prerequisites

In order to add and delete users on Debian, you need to have sudo rights, or to belong to the sudo group.

If you are not sure about how to add a user to sudoers, make sure to check the tutorial we wrote about it.

To check your sudo rights, run the following command

$ sudo -v

If no error messages appear, you are good to go, otherwise ask your system administrator to provide you with sudo rights.

Adding a user using adduser

The first way to add users on Debian 10 is to use the adduser command.

The adduser command is very similar to the useradd command. However, it provides a more interactive way to add users on a Debian host.

Generally, it is preferred to use adduser rather than useradd (as recommended by the useradd man page itself)

To add a user, run this command

$ sudo adduser ricky

Adding user 'ricky'
Adding new group 'ricky' (1007)
Adding new user 'ricky' (1005) with group 'ricky'
Creating home directory '/home/ricky'
Copying files from '/etc/skel'

You will be asked to choose a password for the user

New password: <type your password>
Retype new password: <retype your password>
Changing the user information for ricky

Then you will be asked to specify some specific information about your new user.

You can leave some values blank if you want by pressing Enter.

Enter the new value, or press ENTER for the default
   Full Name []:
   Room Number []:
   Work Phone []:
   Home Phone []:
   Other []:

Finally, you will be asked if the information provided is correct. Simply press “Y” to add your new user.

Is the information correct? [Y/n] Y

Now that your user was created, you can add it to the sudo group.

• How To Add A User to Sudoers On CentOS 8 | Centos 8 Add User to Group
• How To Install Docker on Ubuntu 18.04 & Debian 10
• How to Add and Delete Users on Ubuntu 18.04

Adding a user using useradd

$ sudo useradd <username>

To assign a password to the user, you can use the -p flag but it is not recommended as other users will be able to see the password.

To assign a password to a user, use the passwd command.

$ sudo passwd <username>

New password:
Retype new password:
passwd: password updated successfully

Add a user using the GNOME desktop

If you installed Debian 10 with GNOME, you can also create a user directly from the desktop environment.

In the Applications search bar, search for “Settings”.
In the Settings window, find the “Details” option.

Click on “Details”, then click on “Users”.

On the top right corner of the window, click on “Unlock”.

Enter your password, and a “Add User” option should now appear in the panel.

In the next window, choose what type of account you want for the user (either with sudo rights or not).

Fill the full name field, as well as the username field.

You can choose to assign a password now or you can let the user decide on its password on its next logon.

When you are done, simply click on “Add”.

Congratulations, your account was successfully created.

Check that your user was added

In order to check that your user was created on Linux, run the following command.

$ cat /etc/passwd | grep <user>
<user>:x:1005:1007:User,,,:/home/user:/bin/bash

If there are no entries for the user you just created, make sure to use the adduser command again.

Deleting a user using deluser

In order to delete a user on Debian 10, you have to use the deluser command.

$ sudo deluser <username>

To remove a user with its home directory, run the deluser command with the –remove-home parameter.

$ sudo deluser --remove-home <username>

Looking for files to backup/remove
Removing user 'user'
Warning: group 'user' has no more members.
Done.

To delete all the files associated with a user, use the –remove-all-files parameter.

$ sudo deluser --remove-all-files <username>

Deleting a sudo user with visudo

If you removed a sudo user on Debian, it is very likely that there is a remaining entry in your sudoers file.

To delete a user from the sudoers file, run visudo.

$ sudo visudo

Find the line corresponding to the user you just deleted, and remove this line.

<username>    ALL=(ALL:ALL) ALL

Save your file, and your user should not belong to the sudo group anymore.

Deleting a user using the GNOME Desktop

From the users panel we used to create a user before, find the “Remove user” option at the bottom of the window.

Note : you need to unlock the panel to perform this operation.

When clicking on “Remove User”, you are asked if you want to keep the files owned by this user. In this case, I will choose to remove the files.

Troubleshooting

In some cases, you may have some error messages when trying to execute some of the commands above.

adduser : command not found on Debian

By default, the “adduser” command is located in the “/usr/sbin” folder of your system.

$ ls -l /usr/sbin/ | grep adduser
-rwxr-xr-x 1 root root    37322 Dec  5  2017 adduser

To solve this issue, you need to add “/usr/sbin” to your $PATH.

Edit your .bashrc file and add the following line

$ sudo nano ~/.bashrc

export PATH="$PATH:/usr/sbin/"

Source your bashrc file and try to run the adduser command again.

$ source ~/.bashrc

$ sudo adduser john
Adding user `john' ...
Adding new group `john' (1001) ...
Adding new user `john' (1001) with group `john' ...
Creating home directory `/home/john' ...
Copying files from `/etc/skel' ...

You solved the “adduser : command not found” problem on Debian 10.

Conclusion

As you can see, adding and deleting users on Debian 10 is pretty straightforward.

Now that your users are created, you can also set up SSH keys on Debian 10 for a seamless authentication.

Every system administrator got this error at least one time in a shell : “bash : command not found“.

However, you were pretty sure that you wrote the command correctly, or that you installed the tool that you are actually trying to execute.

So why are you getting this error?

The “bash : command not found” error can happen for various reasons when running commands in a Bash terminal.

Today, we are taking a look at the different ways to solve the “command not found” error in Bash.

Bash & PATH concepts

Before starting out with the solution, it is important to have a few concepts about what the PATH environment variable is and how it is related to the commands you run.

PATH is an environment variable that lists the different directories that your bash terminal will visit in order to find utilities on your system.

To have a look at your PATH environment variable, simply use the “echo” command with the PATH variable.

$ echo $PATH

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin

As you can see, PATH is defined by a list of different system paths delimited by colons.

They are the different paths visited by my interpreter in order to run commands.

If I were to remove an entry from the PATH, or remove the PATH all together, you would not be able to run commands in the bash without specifying the entire path to the binary.

It is an important point to understand because not being able to run a command does not mean that your binary was deleted on the system.

Now that you understand how environment variables are related to your bash interpreter, let’s see how you can solve your error.

Verify that the file exists on the system

The first step to solve this error is to verify that the command you are looking for actually exist on the system.

There are really no points going further if you mispelled the command or if you didn’t install it at all.

Let’s say for example that you cannot run the “ls” command.

Verify that the binary actually exists by searching for the binary on the system.

$ /usr/bin/find / -name ls 2> /dev/null

/bin/ls
/usr/lib/klibc/bin/ls

With the find command, you are able to locate the binary along with the directory where it is stored.

It is quite important because we will need to add this path to our PATH environment variable later on.

• Docker Exec Command With Examples | How to Run a Docker Exec Command inside a Docker Container?
• Pwd Command in Linux (Current Working Directory)
• Writing Scripts on Linux using Bash

Verify your PATH environment variable

Most of the time, you will run into the “bash : command not found” after changing your PATH environment in order to add new entries.

First, verify that the path you searched for before is listed in your PATH environment variable.

$ echo $PATH

/home/user/custom:/home/user

As you can see here, the “/bin” directory is not listed in my PATH environment variable.

By default, the PATH is defined in the “/etc/environment” file for all the users on the system.

If your PATH environment variable is different from the one defined in the environment file, it is because you have overriden the PATH.

Now that you have two choices : either you know where you exported the PATH variable or you don’t.

Fixing your profile scripts : bashrc, bash_profile

In most of the cases, you modified the .bashrc or the .bash_profile file in order to add your PATH override.

To search where you exported your PATH, run the following command

$ /usr/bin/grep -rn --color "export PATH" ~/. 2> /dev/null

./.bashrc:121:export PATH="/home/devconnected"

This command returns the file where the PATH was exported as well as the line number.

Edit this file and add the path from the first section to the export statement.

$ nano /home/user/.bashrc

export PATH="/home/devconnected:/bin"

Save your file and exit the nano editor.

For the changes to be applied, you will have to source your current bash terminal.

This will ensure that the .bashrc file is executed again in the current shell terminal.

$ source .bashrc

Why can you execute source without having to specify the full path?

Because “source” is a shell built-in command.

Try executing “builtin source .bashrc” for example

Now, you can try to execute the command you failed to execute before.

$ ls

file  devconnected  file2  directory1  swap file3

Awesome!

You fixed the “bash : command not found” error on Linux!

Reset the PATH environment variable properly

Even if you solve your issue, you will have to define your PATH environment variable properly if you don’t want to modify your bashrc file all the time.

First, have a look at the PATH variable defined in the “/etc/environment” file.

$ cat /etc/environment

PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"

In order to reset your PATH environment variable on your environment, export the PATH defined in the environment file.

$ export=PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"

Now, modify your .bashrc file but use the $PATH syntax in order to append your paths to the existing PATH variable.

$ sudo nano ~/.bashrc

export PATH="$PATH:/home/devconnected"

Exit the file and source your bashrc file for the changes to be applied.

$ source ~/.bashrc

$ echo $PATH

/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/home/devconnected

Awesome!

You have successfully resetted your PATH environment variable, you should not get the “bash : command not found” error anymore.

Execute the command as sudo

In some cases, your PATH environment variable may be perfectly configured but you will have to execute the command as sudo.

You may get this error or just a simple “permission denied” error.

In any cases, first make sure that you have sudo rights with the sudo command.

$ sudo -l

User user may run the following commands on ubuntu:
    (ALL : ALL) ALL

If this is the case, you should be able to execute your command as sudo.

$ sudo <command>

Congratulations!

You have solved the “bash : command not found” error on your system.

Verify that the package is correctly installed

In some cases, you think that your command is installed but you didn’t install the command to begin with.

Let’s say for example that you are looking to run the “htop” command but you are not able to do it.

$ htop

bash : Command 'htop' not found

To verify if the command is correctly installed, depending on your distribution, run the following commands.

$ dkpg -s htop     [Ubuntu/Debian]

dpkg-query: package 'htop' is not installed and no information is available
Use dpkg --info (= dpkg-deb --info) to examine archive files,
and dpkg --contents (= dpkg-deb --contents) to list their contents.

$ rpm -qa | grep htop    [CentOS/RHEL]

In any case, you will have to install the command if you want to run it properly.

$ sudo apt-get install htop   [Ubuntu/Debian]

$ sudo yum install htop       [CentOS/RHEL]

Now you can try to run the command that was missing.

$ htop

Conclusion

In this tutorial, you learnt how you can solve the famous “bash : command not found” error that many system administrators encounter every day.

If you solve your issue with a solution that is not described in the article, make sure to leave a comment in order to help other administrators.

If you are interested in Linux system administration, we have a complete section dedicated to it on the website, so make sure to have a look.