Winter Sale - up to 36% OFF

How to Enable and Secure SSH on Ubuntu? Quick and Easy Steps

How to Enable and Secure SSH on Ubuntu? Quick and Easy Steps
Published on Aug 21, 2024 Updated on Aug 21, 2024

Remote login has been one of the easiest ways to manage servers across the Internet. A secure connection is key to this method, making sure that important data stays safe from online threats. SSH is one of the secure remote login methods, popularly used by enterprises and home users, giving you confidence as you work on your Ubuntu server.

#What is SSH

The Secure Shell Protocol (SSH) is a cryptographic network protocol mainly used for remote login. It creates network services securely over an unsecured network and was designed for Unix-like systems to replace the insecure Telnet service that was used in the early internet era. SSH uses the public-key cryptographic infrastructure to authenticate the communicating parties.

OpenSSH is the most popular SSH implementation used on the Internet. It is open-source and comes with a collection of tools for remote login and secure transfer of files.

#Prerequisites

To follow along this tutorial, you will need the latest Ubuntu installed with sudo privileges.

Deploy and scale your projects with Cherry Servers' cost-effective dedicated or virtual servers. Enjoy seamless scaling, pay-as-you-go pricing, and 24/7 expert support—all within a hassle-free cloud environment.

#How to Enable SSH on Ubuntu

The below steps will cover how to install SSH. We will also show you how to configure your SSH keys and secure your SSH server.

#Upgrade Ubuntu packages

We will first update our package list with the following command:

sudo apt-get update

We now upgrade our packages to make sure we have the latest and patched SSH packages for our Ubuntu version.

sudo apt-get upgrade

#Install OpenSSH

#On your server

Now that our packages have been upgraded, we can install the SSH server, OpenSSH, using the following command:

sudo apt install openssh-server

#On your client workstation

You need to install openssh-client on your client workstation to be able to connect to your ssh server.

sudo apt install openssh-client

#Configure SSH server

By default, the configuration file is located at /etc/ssh/sshd_config

TIP

Type man sshd_config in your terminal prompt to access the SSH daemon configuration file manual and get a full list of options to configure your SSH server.

#Check your configuration file

As SSH is often a critical service allowing remote access to servers, losing connection after a server configuration might block you from reaching this server.

To help avoid this issue, you can verify your ssh configuration before loading your new setting.

To verify the configuration, use the following command:

sudo sshd -t -f /etc/ssh/sshd_config

In case of errors in the configuration file, the command will output where the error is located, like the example below:

$ sudo sshd -t -f /etc/ssh/sshd_config
/etc/ssh/sshd_config line 1: no argument after keyword "a"
/etc/ssh/sshd_config: terminating, 1 bad configuration options

Else, if there is no error in the configuration, you can proceed to restart the SSH server, which will reload your SSH configuration.

To restart the SSH server, use the following command:

sudo systemctl restart sshd.service

#Add a banner to your server

SSH server allows you to display a pre-login message, or banner, when someone is attempting a connection to your server. This can be a guide, warning or simply giving public information about your server.

To add a banner to your server, add the Banner directive to your /etc/ssh/sshd_config. For example, to use the file /etc/issue.net as a banner, add the following line to your configuration file:

Banner /etc/issue.net

Restart the server to load the new configuration:

sudo systemctl restart sshd.service

#SSH keys

#Generate keys on client

To make passwordless and more secure connections to your SSH server, you need to generate a pair of SSH keys on your client workstation. This key will then be copied to your SSH server.

From your client workstation, generate the keys using the following command:

ssh-keygen -t rsa

You can either secure your key with a password or hit Enter to generate the key without a password.

This will generate a private and public key using the RSA algorithm. The generated keys are located in the ~/.ssh/ folder. The private key is id_rsa and the public key is id_rsa.pub.

#Copy keys to server

You can now copy the public key to your SSH server:

ssh-copy-id username@remotehost

This will append ~/.ssh/authorized_keys to your server. The file must have permission 600 for the connection to work.

To set the permission, use the following command on the server:

chmod 600 .ssh/authorized_keys

#Secure the SSH server

To secure the server, we will disable password-based connections.

Add the following directives to your /etc/ssh/sshd_config:

KbdInteractiveAuthentication yes
PasswordAuthentication no
AuthenticationMethods publickey,keyboard-interactive

This will disable password-based connections while allowing other keyboard-interactive methods, which might be useful in 2FA setup. It will also allow connections using your public key.

Restart your ssh server to reload the configuration:

sudo systemctl restart sshd.service

TIP

Consider installing fail2ban to further secure your SSH server and automatically ban potential attackers. You can also change the default sshd (port 22) port to reduce connection attempts from automated bots.

#Conclusion

In this tutorial, we have covered what SSH is and how to install an SSH server on Ubuntu. We have also covered the basic configuration needed to run and secure your server, including generating your SSH keys. For more information about SSH configuration on Ubuntu, refer to the official Ubuntu OpenSSH Server configuration.

Cloud VPS - Cheaper Each Month

Start with $9.99 and pay $0.5 less until your price reaches $6 / month.

Share this article

Related Articles

Published on Jun 7, 2021 Updated on Jun 29, 2022

AlmaLinux Review: a CentOS Clone Supported by CloudLinux

AlmaLinux is an open-source Linux distribution focused on long-term stability, that is a 1:1 binary compatible fork of Red Hat Enterprise Linux (RHEL)

Read More
Published on Sep 14, 2021 Updated on Jun 29, 2022

Debian 11 "bullseye" Review: What‘s New?

Debian 11 “bullseye” was released on 14th of August 2021. This release contains over 11294 new packages out of 59551 packages overall in its repositories.

Read More
Published on May 31, 2022 Updated on May 5, 2023

A Complete Guide to Linux Bash History

Learn how to work with Bash history to become more efficient with any modern *nix operating system.

Read More
We use cookies to ensure seamless user experience for our website. Required cookies - technical, functional and analytical - are set automatically. Please accept the use of targeted cookies to ensure the best marketing experience for your user journey. You may revoke your consent at any time through our Cookie Policy.
build: 92b971500.883