How to Install and Setup SSH Server and Client on your Embedded Linux Device

Author: Ganesh Velrajan

Last Updated: Wed, May 10, 2023

OpenSSH is a free open source software that uses Secure Shell(SSH) protocol to create secure and encrypted communication channels over computer networks.

OpenSSH is developed by the Open BST Community and it is released under a Simplified BSD License.

OpenSSH comes with additional features such as SFTP and SCP to perform secure file transfer and secure copy over a computer network.

Setting up SSH server in your IoT device is essential for enabling secure remote access to your IoT device.

How to install OpenSSH server on your IoT device

To install and run SSH server on your IoT device, execute the following commands:

Debian/Ubuntu Linux:

First update your linux and then install the openssh server

$ sudo apt-get update
$ sudo apt-get install openssh-server
The following commands will enable and run SSH server as a daemon in the background.
$ sudo systemctl enable ssh

$ sudo systemctl start ssh

RHEL/CentOS Linux:

$ sudo yum update

$ sudo yum -y install openssh-server
Then enable SSH server and start it.
$ sudo chkconfig sshd on

$ sudo service sshd start
SSH uses port 22 for communication.  If it is not enabled already, execute the following command to open up the SSH port on your linux system.

$ sudo /sbin/iptable -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
$ sudo service iptables save

How to install SSH client on your client machines

Use the following command to install SSH client on your laptops or any device from where you would remote SSH into your IoT device.


$ sudo apt-get update
$ sudo apt-get install openssh-client


$ sudo yum update

$ sudo yum -y install openssh-client

How to create and setup SSH Keys

SSH uses a public/private key based encryption algorithm for encrypting the communication channel.  Use the ssh-keygen command to generate SSH keys for those clients that need to SSH into your IoT devices.

Go to your client machine (Laptop, for eg.) and open up a terminal and execute the following command.  Follow the instructions on the screen to create a public/private key pair.

$ ssh-keygen -b 4096

Generating public/private rsa key pair.

Enter file in which to save the key (/home/your_home/.ssh/id_rsa):
The keys will be saved usually in your home directory under the “.ssh” folder.  Leave the private key in your client machine.  Copy just the contents of /home/your_)home/.ssh/ file and paste it (actually append it) to the “~/.ssh/authorized_keys” file in your IoT device where the SSH server runs.

From now on, you can login to your IoT device remotely using the SSH private key in your client machine using the following command

$ ssh -i ~/.ssh/id_rsa.key [email protected] -p 23224

Disable Password Authentication on your SSH Server

After configuring your SSH server and client to use private/public key for authentication, it is wise and safe to turn off password based authentication, because passwords are relatively easy to crack.

Before you perform this step, make sure you have setup your public/private key pairs correctly and you are able to login using them.  Otherwise, once you disable password authentication, you’ll be locked out of your IoT device.

To disable password authentication, open the SSH server’s configuration file as a sudo user.

sudo nano /etc/ssh/sshd_config
Inside the file, search for a directive called PasswordAuthentication.  This may be commented out. Uncomment the line and set the value to “no”.  This will disable your ability to log in to the SSH server using account passwords:

PasswordAuthentication no
Save and close the file when you are finished.

To actually implement the changes we just made, you must restart the service.

On Ubuntu or Debian machines, you can issue this command:

sudo service ssh restart
On CentOS/Fedora machines, issue the following command:

sudo service sshd restart
After completing this step, you’ve successfully transitioned your SSH daemon to only respond to SSH keys.


SSH uses encryption to securely communicate with your IoT device over any unsecure network such as the internet.

Setting up SSH server in your IoT device and the client software in your access devices is essential for enabling remote access to your IoT device.

Disabling password based SSH authentication and enabling SSH key based authentication for SSH login significantly improves IoT device remote access security.

OpenSSH server and client software, combined with the power of SocketXP IoT Remote Access Solution is a great combination for managing and maintaining your IoT device fleet remotely.

Start Your Free Trial Now

Try SocketXP for free with no commitments. No credit card required.