Secure Shell, commonly referred to as SSH, is the standard protocol for securely managing and accessing remote systems. If you are managing an Ubuntu server or simply need to connect to a remote machine on a local network, enabling this service is a fundamental skill. The following guide provides a detailed walkthrough for configuring SSH on Ubuntu, covering installation, security hardening, and best practices for reliable access.
Understanding the SSH Service on Ubuntu
By default, modern Ubuntu Desktop and Server editions include the OpenSSH client, but the server component is often not installed until needed. The SSH daemon, known as `sshd`, runs in the background, listening for incoming connection requests on port 22. Before you can connect, you must ensure this daemon is active on the target machine. This involves installing the `openssh-server` package and managing its status within the system.
Installing the OpenSSH Server
The process begins with updating your package index to ensure you are installing the latest available version. Open a terminal and execute the following commands to install the server software and verify it is running correctly.
Step-by-Step Installation Process
Update the local package index with: sudo apt update .
Install the OpenSSH server package using: sudo apt install openssh-server .
Check the status of the service to confirm it is active with: sudo systemctl status ssh .
Upon completion of these steps, the SSH service should start automatically and enable itself to launch at system boot, providing a persistent remote management interface.
Adjusting the Firewall Configuration
Security is paramount, and a running firewall might block external connections to port 22. If you are using `UFW` (Uncomplicated Firewall), you need to allow traffic specifically for SSH before enabling the firewall protection.
To allow SSH access, run the command sudo ufw allow ssh . This creates a rule that permits incoming connections on the default port. Once the rule is in place, you can safely enable the firewall without disrupting your ability to manage the server remotely.
Hardening SSH Security Settings
Accessing a server via SSH often exposes it to automated brute-force attacks. While password authentication is convenient, using SSH keys is significantly more secure. Key-based authentication utilizes cryptographic pairs to grant access, eliminating the risk of password interception.
To generate a key pair, use the command ssh-keygen -t ed25519 on your local machine. Subsequently, you copy the public key to the server using ssh-copy-id user@your_server_ip . After verifying that key login works, you should disable password authentication in the configuration file located at /etc/ssh/sshd_config by setting PasswordAuthentication no .
Managing the SSH Daemon
After making changes to the configuration file, you must reload the daemon to apply the new settings without dropping existing connections. Use the command sudo systemctl reload ssh to refresh the service. This ensures that security modifications take effect immediately.
Should you need to stop the service temporarily, you can use sudo systemctl stop ssh . To start it again when required, the command is sudo systemctl start ssh . These commands provide granular control over the availability of your remote management channel.
Troubleshooting Common Connection Issues
If you are unable to connect to the server, checking the logs is the most effective diagnostic step. The system logs provide real-time insight into connection attempts and failures. You can view these logs by running sudo journalctl -u ssh -f in a separate terminal window.
