Posted inUS_1

Installing OpenSSH Server on Ubuntu

No Comments

This guide explains how to install and enable the OpenSSH server on Ubuntu. OpenSSH allows you to securely connect to your Ubuntu server remotely, enabling tasks like file transfer and command-line administration. Whether you are setting up a new server or need to reinstall SSH, this tutorial will walk you through the necessary steps to get your SSH server up and running.

Understanding SSH

Secure Shell (SSH) is a cryptographic network protocol that enables secure system administration and file transfers over unsecured networks. By encrypting network traffic, SSH prevents eavesdropping, connection hijacking, and other attacks. SSH is essential for remotely managing Linux servers, including Ubuntu, and is a cornerstone of secure server administration.

There are two main components to SSH:

  • SSH Client: The application used to initiate a connection to an SSH server.
  • SSH Server (sshd): The application that runs on the remote host, listening for connection requests from SSH clients and providing access upon successful authentication.

On Ubuntu systems, OpenSSH is the standard SSH implementation, providing both the ssh client and sshd server.

Step 1: Check if OpenSSH Server is Installed and Running

Before proceeding with the installation, it’s wise to check if the OpenSSH server is already installed and running on your Ubuntu system.

  1. Open your terminal: Access the terminal of your Ubuntu server. You can do this directly if you have physical access or through a console like Lish or GLISH provided by your hosting provider.

  2. Check SSH server status: Use systemctl, the system service manager, to check the status of the ssh service, which corresponds to the OpenSSH server.

    sudo systemctl status ssh

    This command will display the status of the SSH service.

    • If SSH server is running: You will see output similar to this, indicating the service is active and running:

      ● ssh.service - OpenBSD Secure Shell server
 Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
 Active: active (running) since Wed 2023-08-02 10:00:00 UTC; 2h ago
   Docs: man:sshd(8)
         man:sshd_config(5)

    • If SSH server is not running or not installed: If the SSH server is not running, the output will indicate an inactive status, or if it’s not installed, it might show an error like “Unit ssh.service could not be found.”

      If the service is inactive, you can attempt to start it with:

      sudo systemctl start ssh

      Then, check the status again. If the status is still inactive or the service is not found, proceed to Step 2 to install the OpenSSH server.

Step 2: Install OpenSSH Server on Ubuntu

If the OpenSSH server is not installed on your Ubuntu system, you can easily install it using Ubuntu’s package manager, apt.

  1. Update package lists: Before installing any new packages, it’s a good practice to update your system’s package lists to ensure you have the latest information about available packages and their versions.

    sudo apt update

  2. Install OpenSSH server package: Use the apt install command to install the openssh-server package. The openssh-client package is also included as it’s commonly needed and provides the ssh client command.

    sudo apt install openssh-server openssh-client

    The apt command will download and install the OpenSSH server and client packages, and generate the necessary SSH keys for secure communication.

  3. Enable and start the SSH server: After installation, the SSH server service should start automatically. However, it’s good practice to explicitly enable and start the service to ensure it runs and will start automatically on system boot.

    sudo systemctl enable ssh
sudo systemctl start ssh

  4. Verify SSH server installation: Check the status of the SSH server again to confirm it is running after the installation.

    sudo systemctl status ssh

    You should now see the output indicating that the ssh.service is active and running, as shown in Step 1.

Step 3: Basic Configuration of OpenSSH Server

Once the OpenSSH server is installed and running, you can adjust its configuration to enhance security or customize its behavior. The main configuration file for the OpenSSH server is /etc/ssh/sshd_config.

Important Security Recommendation: It is highly recommended to secure your SSH server immediately after installation. Consider implementing security best practices like disabling password authentication and using SSH keys, changing the default SSH port, and utilizing tools like fail2ban for intrusion prevention.

Here are a few basic configuration options you might consider:

  • Change SSH Port (Security Enhancement): The default SSH port is 22. Changing it to a non-standard port can reduce automated attacks. To change the port, edit /etc/ssh/sshd_config using a text editor like nano or vim:

    sudo nano /etc/ssh/sshd_config

    Find the line #Port 22 and uncomment it by removing the # and change 22 to a different port number (e.g., 2222).

    Port 2222

    Save the file and restart the SSH service for changes to take effect:

    sudo systemctl restart ssh

    Note: If you change the default port, you will need to specify the port when connecting with an SSH client using the -p option (e.g., ssh -p 2222 user@your_server_ip).

  • Disable Password Authentication (Security Enhancement): For improved security, it’s recommended to disable password-based authentication and use SSH keys instead. To disable password authentication, in /etc/ssh/sshd_config, find the line PasswordAuthentication yes and change it to no.

    PasswordAuthentication no

    Ensure you have SSH key-based authentication set up before disabling password authentication.

  • Allow or Deny Users/Groups: You can control which users or groups are allowed to log in via SSH. Use the AllowUsers or AllowGroups directives in /etc/ssh/sshd_config to specify allowed users or groups. Similarly, DenyUsers and DenyGroups can be used to deny specific users or groups.

    For example, to only allow user admin and members of group sysadmin to SSH in:

    AllowUsers admin
AllowGroups sysadmin

    Remember to restart the SSH service after making changes to the configuration file.

Step 4: Firewall Configuration (If Applicable)

If you have a firewall enabled on your Ubuntu server (like ufw), you need to allow traffic on the SSH port to enable remote connections.

  • Allow SSH port in firewall: If you are using the default SSH port (22), you can allow SSH traffic with ufw using:

    sudo ufw allow ssh

    If you changed the SSH port to a custom port (e.g., 2222), allow traffic on that port:

    sudo ufw allow 2222/tcp

    After adding the rule, ensure ufw is enabled:

    sudo ufw enable
sudo ufw status

Conclusion

You have successfully installed and configured the OpenSSH server on your Ubuntu system. You should now be able to connect to your server remotely using an SSH client. Remember to review and implement further security measures to protect your SSH server and your system. Regularly update your system and OpenSSH packages to patch any security vulnerabilities.

By following these steps, you ensure secure remote access to your Ubuntu server, which is essential for effective server management and administration.

Note: This guide is designed for informational purposes and assumes a basic understanding of Linux server administration. Always refer to official documentation and security best practices for production environments.

Comments

No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *