The SSH protocol lets you connect to your server remotely using the command line, making it ideal for managing your system, in­stalling updates or trans­fer­ring files. This guide walks you through how to enable SSH on your Proxmox server and set it up for secure use.

Step 1: Prepare your Proxmox server

Before enabling SSH on your Proxmox server, make sure you’ve completed the bare-metal in­stal­la­tion of Proxmox. You’ll also need direct access to the server through a console or physical con­nec­tion. This pre­cau­tion is important because changing SSH settings can interrupt remote access. If you only connect via SSH and something goes wrong, you could lock yourself out of the server. To avoid this, prepare an al­ter­na­tive “emergency” access method and write down your server’s IP address and root password before you begin.

Dedicated Servers
Per­for­mance through in­no­va­tion
  • Dedicated en­ter­prise hardware
  • Con­fig­urable hardware equipment
  • ISO-certified data centers

Step 2: Check if OpenSSH is installed

Before in­stalling the SSH server on your Proxmox system, check whether an SSH server program is already installed and active. Proxmox is based on Debian, so verifying the service status is easy. Just enter the following command in the terminal:

sudo systemctl status ssh
bash

The terminal will then show the service status. If you see active (running), it means the SSH service is already installed and running. You can skip the in­stal­la­tion and move directly on to the con­fig­u­ra­tion steps, such as setting up SSH keys.

If you see inactive or failed, the SSH service is either not running or not installed correctly. Should this be the case, move on to step 3 and install the SSH service.

Step 3: Install OpenSSH

If step 2 showed that SSH isn’t running on your Proxmox server, you’ll need to install OpenSSH. OpenSSH is the most widely used im­ple­men­ta­tion of the SSH protocol and comes standard on almost all Linux systems. It provides the SSH daemon, which enables secure remote access to the server.

Before in­stalling the package, update your system’s package lists. This ensures you install the latest available version and that all de­pen­den­cies are properly resolved. Use the following commands to update your system and install the SSH service:

sudo apt update 
sudo apt install -y openssh-server
bash

After in­stal­la­tion, the SSH service should start au­to­mat­i­cal­ly. To make sure every­thing is working correctly, check the service status again as shown in step 2.

Step 4: Enable automatic startup

To make sure the SSH service is au­to­mat­i­cal­ly available after every server restart, you need to configure it to start on boot. On Debian-based systems like Proxmox, this con­fig­u­ra­tion is managed by systemd. The following command tells the system to start the service at each boot. With the --now option, the service is also started im­me­di­ate­ly, so you don’t have to wait until the next restart.

sudo systemctl enable --now ssh
bash

Step 5: Test the con­nec­tion from your computer

After you’ve installed and enabled SSH on your Proxmox server, you need to test the con­nec­tion from your computer. To do this, open a terminal on Linux or macOS, or use WSL. If you’re on Windows, you can use an SSH client such as PuTTY. The basic command to establish a con­nec­tion is:

ssh root@SERVER_IP
bash

Replace SERVER_IP with the actual IP address or hostname of your Proxmox server.

When you connect for the first time, your SSH client will ask you to verify the server’s fin­ger­print. This is a security measure to confirm that you’re con­nect­ing to the correct server and not to an impostor trying to intercept your con­nec­tion. Type “yes” to confirm. The fin­ger­print will then be saved in the ~/.ssh/known_hosts file on your computer, so future con­nec­tions are au­to­mat­i­cal­ly trusted.

SSH will then prompt you to enter the root password if password au­then­ti­ca­tion is enabled on the server. If the con­nec­tion fails, SSH displays an error message such as “Con­nec­tion refused” (no service available) or “Per­mis­sion denied” (access denied).

Image: ION_US_DG-AI_Object_Storage_960x320.jpg
Image: ION_US_DG-AI_Object_Storage_1200x1200.jpg

Step 6: Create and use SSH keys

Key-based au­then­ti­ca­tion is more secure and con­ve­nient than password-only login. To set it up, generate a key pair on your local machine using the following command:

ssh-keygen -t ed25519 -C "YourName@Workstation"
bash

Your private key stays on your local machine and should never be shared. The public key ( .pub file) is stored on the server in the ~/.ssh/authorized_keys file. To copy your public key to the server, run:

ssh-copy-id root@SERVER_IP
bash

Step 7: Configure SSH

After suc­cess­ful­ly setting up key-based login, adjust the SSH con­fig­u­ra­tion to make your con­nec­tion even more secure. Open the con­fig­u­ra­tion file using: sudo nano /etc/ssh/sshd_config. Then edit or add the following lines as shown below:

Port 22 
PermitRootLogin prohibit-password 
PasswordAuthentication no 
PubkeyAuthentication yes

This con­fig­u­ra­tion increases SSH security by allowing logins only through key au­then­ti­ca­tion and com­plete­ly disabling password login. Root access is still possible, but only through the SSH keys you’ve just set up. This ef­fec­tive­ly prevents brute-force attacks.

After updating the con­fig­u­ra­tion file, restart sshd to apply the changes:

sudo systemctl restart ssh
bash

With SSH now suc­cess­ful­ly con­fig­ured, your Proxmox server is ready for secure remote use. To give your virtual machines ad­di­tion­al pro­tec­tion against data loss, you can also set up regular automated backups using Proxmox Backup Server.

Intel® Servers
En­ter­prise hardware dedicated to you
  • Intel Xeon E Raptor Lake
  • En­ter­prise hardware
  • Con­fig­urable hardware equipment
  • ISO-certified data centers
Go to Main Menu