How to Enable SSH on Ubuntu?

Secure Shell (SSH) is a cryptographic network protocol that allows secure remote access to a computer or server over an unsecured network. It provides a secure and encrypted channel between two devices for running commands remotely or securely transferring files.

SSH was designed to replace Telnet, FTP, and Rlogin, which transmit plain text data and are easily intercepted by attackers. SSH is an essential tool for system administrators, developers, and users who need secure remote server access.

Checking if SSH is Installed on Ubuntu

Before enabling SSH on Ubuntu, check whether OpenSSH server is already installed. You can verify the SSH client installation using

ssh -V

If you see "command not found," SSH is not installed. To check for the OpenSSH server specifically

systemctl status ssh

Installing OpenSSH Server

If OpenSSH server is not installed, install it using these commands

sudo apt update
sudo apt install openssh-server

The first command updates the package list, and the second installs the OpenSSH server. Once installation completes, the SSH service should start automatically.

Configuring SSH Access

Editing the SSH Configuration File

To configure SSH settings, edit the /etc/ssh/sshd_config file

sudo nano /etc/ssh/sshd_config

Important security considerations:

• Keep PermitRootLogin set to no or prohibit-password for security

• Use AllowUsers username to restrict which users can connect

• Consider changing the default port from 22 to a custom port

Restarting the SSH Service

After making configuration changes, restart the SSH service

sudo systemctl restart ssh

Verify the service is running

sudo systemctl status ssh

Configuring Firewall Settings

Checking UFW Status

Ubuntu's UFW (Uncomplicated Firewall) blocks incoming connections by default. Check its status

sudo ufw status

Allowing SSH Traffic

Allow incoming SSH connections through the firewall

sudo ufw allow ssh

For enhanced security, allow SSH from specific IP addresses only

sudo ufw allow from 192.168.1.100 to any port ssh

Enable UFW if it's not already active

sudo ufw enable

Setting Up SSH Key Authentication

Generating SSH Key Pair

SSH keys provide more secure authentication than passwords. Generate a key pair on your local machine

ssh-keygen -t rsa -b 4096

This creates a 4096-bit RSA key pair. You'll be prompted to

• Choose a file location (default is ~/.ssh/id_rsa)

• Enter a passphrase for additional security (recommended)

Copying the Public Key to the Server

Copy your public key to the Ubuntu server

ssh-copy-id username@server_ip_address

Replace username with your username and server_ip_address with the server's IP address. You'll be prompted for the user's password.

Alternatively, manually copy the key

cat ~/.ssh/id_rsa.pub | ssh username@server_ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

Testing SSH Connection

Test your SSH connection from a remote machine

ssh username@server_ip_address

If key authentication is set up correctly, you'll connect without entering a password (unless you set a passphrase for your private key).

Security Best Practices

• Disable password authentication in /etc/ssh/sshd_config by setting PasswordAuthentication no

• Use a non-standard port by changing Port 22 to a custom port

• Enable two-factor authentication using tools like Google Authenticator

• Regularly update your system and SSH packages

Conclusion

SSH is now enabled and configured on your Ubuntu system with proper security measures. Using SSH keys instead of passwords and implementing firewall rules significantly enhances your server's security. Regular monitoring and updates ensure continued protection against unauthorized access.