Secure Shell


Definition of SSH from Wikipedia:

Secure Shell or SSH refers to both a network protocol and corresponding programs that can be used to establish an encrypted network connection with a remote device in a secure manner. Often this method is used to bring a remote command line to the local computer, i.e. the local console displays the output of the remote console and the local keyboard input is sent to the remote computer. This gives the effect of sitting in front of the remote console, which can conveniently be used for remote maintenance of, for example, a root server located in a remote data center. The newer protocol version SSH-2 offers further functions like data transfer via SFTP.

IANA has assigned TCP port 22 to the protocol, but any other port can be selected in the daemon’s configuration files. This makes attacks more difficult, because the attacker does not know the SSH port.

Securing SSH

It is not secure to allow root logins via SSH. Root logins should not be the default, because Debian should be secure, not insecure. Similarly, attackers should not be able to run a wordlist-based password attack (brute-force attack) against the SSH login for ten minutes. It therefore makes sense to limit both the login time window and the number of possible attempts.

To make SSH more secure, use a text editor of your choice to edit the file /etc/ssh/sshd_config.

The following settings can be adjusted to increase security:

The following settings must be added if they are not present:


systemctl restart ssh

Now you have a somewhat secure SSH configuration. Not completely secure, just better, especially if you have added a user specifically for using SSH.
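
As an added example that is not part of the original manual, the following shell script checks an sshd_config-style file for the three goals named above: no root login, a short login time window, and a limited number of attempts. PermitRootLogin, LoginGraceTime and MaxAuthTries are OpenSSH keywords; the function names and the thresholds (120 seconds, 4 tries) are assumptions chosen for illustration, and Include files and the Keyword=value form are not handled.

```shell
#!/bin/sh
# Added example; function names and thresholds (120 s, 4 tries) are assumptions.

# Effective value of a keyword: sshd uses the FIRST occurrence, keywords are
# case-insensitive and '#' starts a comment line. Parsing stops at the first
# Match block, because everything below it applies only conditionally.
sshd_effective() {   # $1 = file, $2 = keyword
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(key) { print $2; exit }
    ' "$1"
}

# Convert "90", "90s" or "2m" to seconds; fail on any other form.
to_seconds() {
    n=${1%[sm]}
    case "$n" in ""|*[!0-9]*) return 1 ;; esac
    case "$1" in *m) expr "$n" \* 60 || true ;; *) echo "$n" ;; esac
}

# Print one line per finding; return 0 only if all three goals are met.
audit_sshd_config() {   # $1 = file
    rc=0
    v=$(sshd_effective "$1" PermitRootLogin)
    [ "$v" = "no" ] || { echo "PermitRootLogin: '${v:-unset}', want 'no'"; rc=1; }
    v=$(sshd_effective "$1" LoginGraceTime)
    secs=$(to_seconds "$v") || secs=0
    # 0 means "no time limit" to sshd, so it fails the check as well.
    { [ "$secs" -ge 1 ] && [ "$secs" -le 120 ]; } ||
        { echo "LoginGraceTime: '${v:-unset}', want 1..120 seconds"; rc=1; }
    v=$(sshd_effective "$1" MaxAuthTries)
    tries=$v; case "$v" in ""|*[!0-9]*) tries=99 ;; esac
    [ "$tries" -le 4 ] || { echo "MaxAuthTries: '${v:-unset}', want <= 4"; rc=1; }
    return "$rc"
}

# Constructed sample: the later "PermitRootLogin no" is ignored by sshd.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not a real host's configuration
PermitRootLogin yes
logingracetime 2m
MaxAuthTries 3
PermitRootLogin no
EOF
audit_sshd_config "$sample" || echo "=> fix the findings, then check with: sshd -t"
```

On a live system, sshd -T (run as root) prints the configuration the daemon would actually use, including Include files and defaults, and sshd -t checks the file for errors before the restart.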

SSH for X Window Programs

ssh -X allows you to connect to a remote computer and display its graphical X programs on your own local computer. Enter the command as a normal user, not as root, and note that the X is a capital letter:

$ ssh -X (or IP)

Enter the password for the remote computer’s username and start a graphical application in the shell. Examples:

$ iceweasel OR oocalc OR oowriter OR kspread

On very slow connections, it may be advantageous to use the compression option to increase the transfer rate. However, for fast connections, the opposite effect may occur:

$ ssh -C -X (or IP)

More information:

$ man ssh

Note: If ssh refuses a connection and you get an error message, search in $HOME for the hidden directory .ssh, delete the file known_hosts and try a new connection. This problem occurs mainly when you have assigned the IP address dynamically (DHCP).

Copying with scp via ssh

scp is a command line utility (Terminal/CLI) to copy files between network computers. It uses ssh for authentication and secure file transfer, so scp requires a password or passphrase to log in.

If you have ssh rights on a network PC or network server, scp allows you to copy partitions, directories, or files to or from a network computer (or an area on it) that you have access rights to. This can be, for example, a PC or server on the local network, a computer on a remote network, or a local USB drive. The copy operation can take place between remote computers/storage devices.

It is also possible to recursively copy entire partitions or directories with scp -r. Note that this command also follows symbolic links in the directory tree.


  1. Copying a partition:

    scp -r <user> /media/diskXpartX/
  2. Copying a directory on a partition, in this case a directory named photos in $HOME:

    scp -r <user> /media/diskXpartX/xx
  3. Copying a file in a partition’s directory, in this case a file in $HOME:

    scp <user> /media/diskXpartX/xx
  4. Copying a file on a partition:

    scp <user> /media/diskXpartX/xx
  5. If you are already in the drive or directory that another directory or file is to be copied to, use only a . (dot):

    scp -r <user> .

Additional information:

man scp

SSH with Dolphin

Both Dolphin and Krusader are capable of accessing data from a remote computer using the sftp protocol present in ssh.

This is how it is done:
1) Open a new Dolphin window.
2) The syntax in the address bar is: “s”.

Example 1: A dialog window opens and asks for the SSH password. Enter the password and click OK:


Example 2: You are not asked for a password but connected directly.


For a LAN environment:


Please enter the correct IP! Afterwards, a dialog window appears, asking for the ssh password.
An SSH connection in Dolphin is now established. In this Dolphin window, you can work with the files on the SSH server as if they were local files.

NOTE: If a port other than 22 (default) is used, it must be specified when using sftp:


“user@ip:port” - this is the default syntax for many protocols/programs like sftp and smb.

SSHFS - mount on a remote computer

SSHFS is a simple, fast, and secure method using FUSE to mount a remote filesystem. On the server side, all you need is a running ssh daemon.

On the client side, you probably need to install sshfs first:

apt update && apt install sshfs

fuse3 and groups are already on the ISO and do not need to be installed separately.

Mounting a remote filesystem is very easy:

sshfs -o idmap=user username@remote_hostname:directory local_mountpoint

If no specific directory is specified, the remote user’s home directory will be mounted. Please note: the colon “:” is mandatory even if no directory is specified!

Once mounted, the remote directory behaves like any other local file system. You can browse, read and modify files, and execute scripts just like on a local file system.

Unmounting the remote filesystem is accomplished with the following command:

fusermount -u local_mountpoint

If you use sshfs regularly, it is recommended to make an entry in /etc/fstab (all in one line):

sshfs#remote_hostname://remote_directory /local_mount_point fuse idmap=user,allow_other,uid=1000,gid=1000,noauto,fsname=sshfs#remote_hostname://remote_directory 0 0

Next, remove the comment character before “user_allow_other” in the file /etc/fuse.conf:

# Allow non-root users to specify the 'allow_other'
# or 'allow_root' mount options.
user_allow_other

This allows any user in the fuse group to mount or unmount the filesystem:

mount /path/to/mount/point # mount
umount /path/to/mount/point # unmount

Use this command to check if you are a member of the fuse group:

cat /etc/group | grep fuse

The answer should look something like this:

fuse:x:117: <username>

If the username is not listed, use the adduser command as root:

adduser <username> fuse

Note: The user will not be a member of the group “fuse” until they log in again.
Now the desired username should be listed and the following commands should be executable:

mount local_mountpoint


umount local_mountpoint
Last edited: 2022/04/03