Going Headless With SSH Server

Published on September 8, 2021 at 7:28 am by LEW


One of the first things I do after I have completed a base build for a server is make it headless. What this means is that I set up some form of remote login, then remove any keyboard, mouse, or monitor connected to the server. This allows the server to be put virtually anywhere. If you are anything like me your workspace is already cluttered enough with out having extra computers taking up valuable space.

While there are a number of methods of remote connectivity, for a server I like to use Secure shell (ssh) over a network connection. That way my server has only two connections, power and network. If you are maintaining a hosted account somewhere, you might be familiar with this type of remote connectivity.

Do not use Telnet over any public connection. It is not secure.

Server IP Address

Before disconnecting the keyboard, mouse, and monitor you need to find your server IP address. If you created a static IP address, you should have it already. If the server uses DHCP you will have to log in to find the address, or check you router DHCP assignments. I would suggest using static IP addresses on servers, as the DHCP address can change.

Once logged in type the following command.

ip addr

This will list all the information about the servers network connection. The IP address will be listed as inet under the default adapter.


In this example, I will be using the openssh suit. In addition to ssh, the suit includes Secure Copy (scp) and Secure File Transfer Protocol (sftp). It is also available in most Linux distribution repositories.

Installing openssh on your server is half of the solution. In addition you will need an SSH client on your main computer also. The openssh suit provides a command line ssh client. If I am using a Graphical User interface (GUI), generally PuTTY is the client I use, as it is available across most platforms.

Installing Software Packages

On the base Debian Build, apt is the installed package manager, so we will use it. At the time of this writing there have been some changes to how apt works on newer versions of Debian. The original apt command I used to install packages was apt-get install <package name>. However on newer releases of Debian the apt install <package name> command will also work.

So to install the openssh server use the following command.

apt install openssh-server

Note that this will install several additional packages including the openssh-client.

On your main computer, if you are running Debian you can install the same command line client.

apt install opnessh-client

If you are running a GUI, you might prefer a more graphical user friendly client. On your main computer, if you are running Debian, you could try this.

apt install putty

Otherwise please go to the PuTTY home page and download the appropriate client program for your operating system.


Once you have the openssh server installed on your server, and an ssh client installed on your main computer, you can attempt to make a connection.

The default installation of openssh-server uses port 22 by default. So you want to make sure this port is open on both the client and the server. On the base Debian install, a firewall has not been setup, so the port should be open.

If using PuTTY, enter the server IP address and port 22, then connect.

If the computers can talk, you should get a security warning about not being able to authenticate the host, since this is your first login. Allow the connection, and your server will be added to a list of known hosts so the message will not appear again. If everything worked correctly you should be at a login command line.

Using the openssh-client from the command line you would enter ssh <server address> -p <port number>. Using the above example the entry would look like this.

ssh -p 22

By default openssh-server on Debian does not allow root login. So you will need to log in as an unprivileged user.

Becoming root

By default on the base Debian installation, sudo is not installed. So to become root, you will need to use su. I would suggest using the -l option to make sure you have the proper path variables.

su -l root

You will, of course, have to supply the root password.

Hardening Your Server

This example is for a server on your local network. If you plan to expose your server to the internet you may want to do some hardening, which is beyond the scope of this post. A simple method is to change your port number (security through obfuscation), though this will not deter a serious hacker for more than a few minutes. Secure complex passwords are a better option. And the best option is to use Public-key encryption.


Poke around a bit and try a few commands. The experience using openssh should be similar to when you where actually sitting in front of the computer and directly logged in.

Openssh is a secure and convenient way to run a headless server, which can be placed anywhere there is a network connection. And it might also allow you to get a bunch of stuff out of your workspace.

Add New Comment

Your email address will not be published. Required fields are marked *