Comments
How to Set Up SSH Server on Ubuntu
Edited 2 weeks ago by ExtremeHow Editorial Team
SSHServerUbuntuLinuxNetworkingSecuritySetupOperating SystemsRemote AccessSystem
This content is available in 7 different language
Introduction
Setting up an SSH server on Ubuntu is a crucial step for remote administration and file transfer tasks. SSH, or Secure Shell, is a cryptographic network protocol that enables secure data communication over an unsecured network. It is used to log into a remote machine and execute commands, as well as transfer files between machines on a network. In this guide, we will walk you through the process of setting up an SSH server on an Ubuntu system.
Step 1: Updating system packages
Before installing any software, it is important to ensure that your system's package manager has the latest information about available software packages and their dependencies. To accomplish this, run the following command:
sudo apt updatesudo command is used to execute commands with elevated privileges, typically required for system administration tasks. apt update command updates the list of packages available from the package repository, ensuring that you have access to the most recent versions.
Step 2: Installing OpenSSH Server
Ubuntu's SSH server package is called OpenSSH Server. It is one of the most used SSH server packages in the Linux ecosystem due to its simplicity, security, and robustness. To install OpenSSH Server, execute the following command in the terminal:
sudo apt install openssh-serverThis command will fetch the OpenSSH server package from the Ubuntu package repository and install it on your system. During installation, the package manager will also automatically start the SSH service for you.
Step 3: Checking the status of the SSH service
Once the OpenSSH server is installed, you will want to verify if the SSH service is running correctly. Use the following command to check the status of the SSH service:
sudo systemctl status sshsystemctl command is used to check the status of system units, including services. When you check the status of the SSH service, you should see a message indicating that the service is "active (running)". If it is not running, you can start it using the following command:
sudo systemctl start sshIf you want the SSH service to start automatically at boot time, use the following command:
sudo systemctl enable sshStep 4: Configuring the SSH server
The SSH server configuration file is located at /etc/ssh/sshd_config. This file controls various parameters of the SSH server, including port numbers, key exchange algorithms, and authentication methods. It is important to configure this file to suit your security and access needs.
Changing the default port
By default, the SSH server listens on port 22. However, changing the default port to a non-standard port can help provide another layer of security. To change the port, open the SSH configuration file with a text editor, for example:
sudo nano /etc/ssh/sshd_configLook for the line #Port 22, and change it as follows:
Port 2222Remove # from the beginning to uncomment the line. Make sure the port you choose is not used by other services.
Disabling root login
Allowing root login over SSH can pose a security risk. It is recommended to disable it by looking for the following line:
PermitRootLogin yesAnd change it as follows:
PermitRootLogin noDoing so ensures that users log in as a non-root user, and switch to root if necessary.
Enabling public key authentication
Public key authentication is more secure than password authentication. To enable it, make sure the following lines are set in the sshd_config file:
PubkeyAuthentication yesAuthorizedKeysFile .ssh/authorized_keys
This setting allows clients to authenticate using SSH keys stored in the user accounts' ~/.ssh/authorized_keys file.
Step 5: Restarting the SSH service
After making changes to the SSH configuration file, you must restart the SSH service for the changes to take effect:
sudo systemctl restart sshNote that if you changed the port, you must specify the new port when connecting via SSH. For example, if you changed the SSH port to 2222, use ssh user@hostname -p 2222.
Step 6: Setting up firewall rules
If the firewall is enabled on your Ubuntu server, you will need to allow incoming SSH connections. Assuming you are using UFW (Uncomplicated Firewall), you can enable the firewall and allow SSH traffic with the following command:
sudo ufw allow sshsudo ufw enable
If you changed the default SSH port, replace with ssh port number, e.g.:
sudo ufw allow 2222This command adjusts the firewall rules to allow SSH traffic on the specified port.
Step 7: Testing the SSH server
To make sure your SSH server is set up correctly, try connecting to it from another machine (either another computer or a virtual machine). Use the command:
ssh username@server_ipReplace username with your actual username on the server and replace server_ip with the IP address or hostname of your server. If you modified the port, you must specify it using the -p option, e.g.:
ssh username@server_ip -p 2222If the connection is successful, a login prompt will appear, allowing you to log into your server via SSH.
Step 8: Enhancing SSH security
It's important to further enhance the security of your SSH setup to prevent unauthorized access. Here are some tips:
Using Fail2Ban
Fail2Ban is a program that helps prevent brute-force attacks by monitoring failed login attempts. Install it using the following:
sudo apt install fail2banBy default, Fail2Ban bans IP addresses for 10 minutes after 3 failed login attempts. You can customize these settings by editing the configuration file located at /etc/fail2ban/jail.local.
Limiting user access
Consider allowing SSH access only to specific users. You can do this by adding the following line to your sshd_config file:
AllowUsers user1 user2Replace user1 and user2 with the actual usernames you want to allow SSH access to.
By following these steps, you can efficiently set up and secure an SSH server on your Ubuntu system. This setup provides a robust and secure environment for remote system management and secure file transfers. Remember to always keep your system and SSH server updated to prevent vulnerabilities.
If you find anything wrong with the article content, you can