Set Up an SSH Server on Your Linux Laptop with a Windows Client

I have 2 older laptops.  What could I do with them?

The two laptops I have are a little dated. One has Windows 11 Home. The second is an Acer That I installed Ubuntu on for the OS. Both machines have 4 GB of memory and not the best processors; but it is enough to get started with a little experimentation. 

What is an SSH Server?

An SSH (Secure Shell) server is a network service that allows users to securely connect to and control a remote machine over an encrypted connection. SSH uses cryptographic protocols to ensure data integrity and confidentiality, making it a preferred method for remote system management, file transfers, and tunneling applications.

Why Do You Need an SSH Server in Your Home Lab?

Setting up an SSH server in your home lab offers several key benefits:

1. Remote Access – You can manage your lab machines from anywhere in your house without needing a physical connection.
2. Command-Line Control – It allows you to execute commands, install software, and configure your server efficiently.
3. Secure File Transfer – With SSH, you can transfer files securely using protocols like SCP (Secure Copy Protocol) or SFTP (SSH File Transfer Protocol).
4. Learning & Experimentation – A home SSH server lets you practice Linux system administration, networking concepts, and security best practices.
5. Optimizing Old Hardware – Repurposing older laptops into an SSH-accessible server enables you to run lightweight services without needing additional hardware.

Your Project Setup: Ubuntu SSH Server & Windows Client

This setup is an excellent hands-on way to showcase real-world applications of SSH while making use of older tech efficiently. Using two dated laptops for this experiment is a great idea because SSH doesn’t require much computing power. Your setup likely includes:

1. (Windows 11, 4GB RAM)

• Windows as the Client: Using Windows PowerShell (ssh username@server_ip) to establish remote sessions.

2. (Linux Ubuntu, 4GB RAM)

• Ubuntu as the SSH Server: Running the openssh-server package to allow SSH connections.

Setting Up an SSH Server on Your Linux Laptop

Since you're running Ubuntu on one of your machines, setting up OpenSSH will allow you to remotely access and manage your Linux system from your Windows laptop.

Step 1: Install the OpenSSH Server

Before your Ubuntu laptop can accept SSH connections, you'll need to install the OpenSSH server package:

• sudo apt update

This updates your system's package lists, ensuring you install the latest available version of OpenSSH.

• sudo apt install openssh-server

This command installs the OpenSSH server package, allowing your laptop to act as an SSH host.

Step 2: Understanding the SSH Directory Structure

When the OpenSSH server is installed, it creates several directories and configuration files:

• /etc/ssh/ – Stores SSH configuration files, including sshd_config, the primary configuration file for the SSH daemon.
• /var/run/sshd – Contains runtime data necessary for SSH operation.
• ~/.ssh (Home Directory) – Stores user-specific SSH keys for authentication.

These files dictate how the SSH server functions and can be customized for security enhancements. More details on configuring sshd_config will come later.

Step 3: Checking the SSH Server Status

Once the OpenSSH server is installed, verify that it’s running:

• systemctl status ssh

If SSH is active, you will see output like:

Active: active (running)

If the service is not running, start it manually:

• sudo systemctl start ssh

For persistent access across reboots, enable SSH:

• sudo systemctl enable ssh

Step 4: Retrieving the IP Address of Your Linux Server

To connect to your Ubuntu laptop, you need its IP address. Run:

• ip a

This will list all network interfaces, and you can find the assigned IP address under inet next to the primary network interface (typically eth0 or wlan0).

Step 5: Connecting from Your Windows Client

Windows now includes a built-in SSH client via PowerShell, so external tools like PuTTY aren't always necessary. To initiate an SSH connection from Windows:

Open PowerShell. Use the following command:

•  ssh your-username@your-linux-ip

 Example:   ssh user_admin@192.168.1.100

What Happens the First Time You Log In?

When you connect to the SSH server for the first time, you'll see a security prompt similar to this:

The authenticity of host '192.168.1.100 (192.168.1.100)' can't be established.

ECDSA key fingerprint is SHA256:<fingerprint>.

Are you sure you want to continue connecting (yes/no)?

This message warns that the SSH server's identity is not yet verified. If you trust the server, type yes and press Enter. The system will then store the server's fingerprint in ~/.ssh/known_hosts on the Windows client.

Next, you'll be prompted for the Ubuntu user's password:

user_admin@192.168.1.100's password:

After entering the correct password, you're successfully logged into the Linux system remotely!

Note: When a user logs into an Ubuntu system for the first time, it often notifies them of available package updates. Running 

• sudo apt upgrade -y 

ensures that all installed packages get updated to their latest versions, improving security and stability.

Keeping your system updated ensures you get the latest security patches and performance improvements.

From here, you can execute commands on your Ubuntu laptop, transfer files securely, or configure additional SSH options.

---

Configuring SSH Server for Secure Access

1. Setting Up Public & Private Key Authentication

Instead of relying on passwords, it’s a good security practice to use SSH key-based authentication. This method makes remote access more secure.

Step 1: Generate an SSH Key Pair on Windows

Open PowerShell and run:

• ssh-keygen -t ed25519 -C "test"

This command creates two keys:
✅ Private Key (id_ed25519) – Used for authentication; keep it secret.
✅ Public Key (id_ed25519.pub) – Shared with the server; allows login.

You'll be prompted for a location:

Press Enter to accept the default location.

Next, you'll be asked for a passphrase:

Enter passphrase (empty for no passphrase):

A passphrase adds another layer of security. If you enter one, you'll need to provide it whenever using the key. After confirmation, your key pair will be saved in the .ssh directory.

To check the files, run:

• cd ~/.ssh
• ls

Step 2: View and Copy Your Public Key

Display the public key using:

• get-content id_ed25519.pub

You will see a long string starting with ssh-ed25519 and ending with your comment "test".

Example:

ssh-ed25519 ABCCD3NzaC1lZDI1NTE5AABNIBJcMXTxxuV+7wbmF37FKxhMOByjOuTKy1X3c3e4PfUf test

Copy the entire string.

Step 3: Log into Your SSH Server

From PowerShell, connect to your Ubuntu server:

• ssh username@server_ip

Once inside, navigate to your .ssh directory:

• mkdir -p ~/.ssh

This ensures the directory exists.

Step 4: Add Your Public Key to the Server

Now, paste the key into the authorized_keys file using the echo command:

• echo "ssh-ed25519 ABCCD3NzaC1lZDI1NTE5AABNIBJcMXTxxuV+7wbmF37FKxhMOByjOuTKy1X3c3e4PfUf test" >> ~/.ssh/authorized_keys

🔍 Breaking down the echo command:

• echo "your-public-key" → Outputs the key as text.
• >> ~/.ssh/authorized_keys → Appends it to the authorized_keys file.

Step 5: Secure the Key Permissions

Now, restrict access to the authorized_keys file:

• chmod 600 ~/.ssh/authorized_keys

This ensures only your user can read and write to the file.

Now try logging in again. If everything is set up correctly, you should be able to connect without entering a password.  Next, for extra security, you can disable password authentication completely in the SSH configuration.

Configuring sshd_config for Security

The sshd_config file is the central configuration file for the SSH daemon (sshd), which controls how your SSH server operates. It defines authentication settings, connection behavior, and security policies. By modifying this file, you can strengthen security and customize how SSH sessions function.

When you open /etc/ssh/sshd_config with a text editor like nano, you'll notice that many lines begin with a #. These lines are comments or default settings that haven't been explicitly enabled. To apply a setting, remove the # before the directive and modify its value.

Here are the key lines you'll be updating:

• #PermitRootLogin prohibit-password
• #PubkeyAuthentication yes
• #PasswordAuthentication yes
• #ClientAliveInterval 0
• #ClientAliveCountMax 3

.

To edit the file, run:

• sudo nano /etc/ssh/sshd_config

Modify or the following lines:

Locate each setting, remove the # if present, and adjust the values accordingly.

#PermitRootLogin prohibit-password

•  PermitRootLogin no
•  Why? Prevents direct SSH login as the root user, reducing unauthorized access risks.

#PubkeyAuthentication yes

• PubkeyAuthentication yes
• 💡 Why? Ensures SSH key authentication is enabled.

#PasswordAuthentication yes

• PasswordAuthentication no
• 💡 Why? Disables password-based logins, forcing key-based authentication for better security.

#ClientAliveInterval 0

• ClientAliveInterval 300
• 💡 Why? Sends a keep-alive message every 300 seconds (5 minutes) to check if the client is still active.

#ClientAliveCountMax 3

• ClientAliveCountMax 3
• 💡 Why? Disconnects inactive sessions after 3 failed keep-alive responses (prevents lingering connections).

Step 2: Save and Exit

• After making the changes, press CTRL + X, then Y, and Enter to save.

Step 3: Restart the SSH Daemon

For changes to take effect, restart SSH:

• sudo systemctl restart ssh

Step 4: Verify Configuration

Check if SSH is running and applying the new settings:

• sudo systemctl status ssh

With these changes, your SSH server is more secure, allowing key-based authentication only, preventing root login, and controlling session timeouts. Now your system is set up for safer and more reliable remote access.