When launching a home server, the first stumbling block is often the problem of “How to bring up the screen?” If you are home, you can just connect an HDMI cable to a monitor, but swapping cables every time for that is quietly tedious. Besides, the number of displays and HDMI ports is limited, and I don’t want to expand my workspace just for that.
So this time, I will introduce a method to operate your home server directly from your main PC using SSH connection. With this, you can operate comfortably without a monitor, and apply it directly when accessing from outside via VPN later.
Since we’re at it, let’s represent security solidly and configure connection via Public Key Authentication. It requires settings on both Client and Server, but I will explain each step clearly, so even beginners should be able to introduce it with confidence.
Equipment Used
- Server PC: Ubuntu Server 24.04LTS
- If it’s a Linux lineage, while commands may differ, I think you can introduce it with almost the same flow.
- Client PC: Windows 11 (WSL2 installed)
Install SSH on Server and Try Accessing
Set Static IP on Server
Set a static IP on the server PC by any method. If you don’t set a static IP, the server’s IP address will switch periodically, requiring you to verify it every time you access.
There are two ways to fix the IP: fixing it via Router DHCP or specifying it on the Server side. Please refer to the following article for procedures. By the way, I fix it on the DHCP side.
>-
Install and Start SSH on Server
First, install OpenSSH. It might say installed in some cases.
sudo apt install openssh-serverNext, start ssh and check the status. If it says active when you run systemctl status ssh, SSH startup is successful.
# Startsudo systemctl start ssh# Check SSH statussudo systemctl status sshTry SSH from Client (Another PC)
Try SSH from a PC existing in the same network. This time I will SSH from Ubuntu installed on WSL2.
If the static IP is correctly set, SSH connection should be possible as below. Since it’s default settings, it should be password authentication, so enter the password to log in.
ssh {username_on_server}@{static_ip_of_server}If Welcome to … is displayed after entering the password, it’s a success.
Configure Public Key Authentication for SSH
Generate Keys on Client
First, generate a key pair on the client-side PC. You will be asked the following upon generation, set them according to situation and usage.
- file
- Arbitrary is fine, but if it already exists, you might want to change the filename.
- passphrase
- It’s safer to set one. There’s a demerit of being asked for input every time used, so it’s a trade-off between convenience and security.
ssh-keygen -t ed25519 -CRef: https://www.ssh.com/academy/ssh/keygen
After execution, a key pair is generated with the set filename. If generated with default filename, id_ed_25519 (Private Key) and id_ed_25519.pub (Public Key) should be created.
Of these two, you will register the Public Key on the server side. (If curious about public key authentication, looking it up might be interesting)
Register Public Key on Server
Copy the public key to the server with the following command. Replace the path part with the path of the public key generated in the previous step.
ssh-copy-id -i ~/.ssh/id_ed25519.pub {username_on_server}@{static_ip_of_server}Ref: https://www.ssh.com/academy/ssh/copy-id
Try SSHing to Server Again
Try SSHing to the server with the same command as before. If public key settings are completed correctly, you will realize it’s no longer password authentication. Instead, you are asked for the key’s passphrase.
ssh {username_on_server}@{static_ip_of_server}Disable Password Authentication on Server Side
Once public key authentication is possible, password authentication is nothing but a security hole, so disable it.
First, open the following file while SSHed into the server.
# Use favorite text editor (emacs, vim, nano)sudo nano /etc/ssh/sshd_configSet the following. There are others better set for security, but I’ll omit them for now as they stray from the main topic.
PasswordAuthentication noOnce settings are changed, restart ssh.
systemctl restart sshdOnce this is done, the main outline is complete.
Note: If password authentication is still possible after this setting, likely settings in /etc/ssh/sshd_config.d/50-cloud-init.conf are taking precedence. Overwrite this guy, or create an arbitrary file like /etc/ssh/sshd_config.d/0-my.conf and overwrite PasswordAuthentication there.
Convenient Settings
It’s tedious to enter username@IPaddress every time SSHing from client, so set a shortcut.
Save connection settings in ~/.ssh/config as follows:
# Part 'server' is arbitrary nameHost server HostName {static_ip_of_server} User {username_on_server} Port 22 IdentityFile ~/.ssh/id_ed25519This makes SSH possible using the name specified in Host, like below.
ssh serverConclusion
So, I can now successfully SSH connect to my home server. It’s quite comfortable to be able to operate the server from my PC at hand without preparing a display or keyboard.
Using public key authentication gives peace of mind security-wise, and since it can be used as-is when connecting from outside via VPN later, this configuration serves as a very useful base.
If there’s anything you don’t understand along the way, please let me know in the comments.
