Configuring SSH on Ubuntu is a fundamental skill for any system administrator or developer working with remote servers. Secure Shell provides a robust and encrypted method to manage your infrastructure, replacing less secure protocols like Telnet. This guide walks through the entire process, from initial installation to advanced security hardening, ensuring your connections are both reliable and protected.
Installing the OpenSSH Server
The first step in configuring SSH is to ensure the OpenSSH server is installed on your Ubuntu machine. By default, Ubuntu Desktop does not include the server component, while Ubuntu Server typically has it pre-installed. You can verify the installation status using the package manager.
Updating Package Lists
Before installing new software, it is best practice to update your local package index. This ensures you are installing the latest available version with the most recent security patches. Open your terminal and execute the following command:
sudo apt update
Installing the OpenSSH Server Package
Once your package lists are updated, you can install the OpenSSH server. This package provides the sshd daemon, which listens for incoming connections. Install it with the following command:
sudo apt install openssh-server
The system will prompt you to confirm the installation. Type "Y" and press Enter. The SSH service should start automatically upon completion.
Verifying SSH Service Status
After installation, it is crucial to confirm that the SSH daemon is running correctly. You can check the active status of the service using systemctl , the system and service manager for Ubuntu.
sudo systemctl status ssh
If the service is active and running, you will see an "active (running)" status in the output. You can also verify that the daemon is listening on the default port 22 by checking your firewall rules or using network tools like ss or netstat .
Configuring the Firewall for SSH Access
Ubuntu often uses UFW (Uncomplicated Firewall) to manage network access. If you have a firewall enabled, you must configure it to allow traffic on port 22, or your configured custom port, before you restart the SSH service. Otherwise, you risk locking yourself out of the server.
Allowing SSH Through UFW
To allow the default SSH port, you can use the application profile. Ubuntu's UFW includes predefined rules for SSH. To enable access, run:
sudo ufw allow ssh
Alternatively, if you have changed the default port or want to specify the port directly, use:
sudo ufw allow 22/tcp (replace 22 with your custom port if applicable)
After allowing the port, ensure the firewall is active with sudo ufw enable .
Accessing Your Server via SSH
With the server installed and the firewall configured, you can now connect to your Ubuntu machine from a client device. The basic syntax for the SSH command requires the username and the IP address of the target machine.
Basic Connection Command
Open a terminal on your local machine (Linux, macOS, or Windows with WSL/OpenSSH client) and enter the following, replacing username with your actual user and your_server_ip with the public or private IP address:
ssh username@your_server_ip
