How to Enable SSH on Ubuntu?

Introduction

Secure Shell (SSH) is a cryptographic network protocol that allows secure remote access to a computer or server over an unsecured network. It provides a secure and encrypted channel between two devices that can be used for various purposes such as running commands remotely or securely transferring files between devices.

SSH was designed to replace Telnet, FTP, and Rlogin which transmit plain text data and are therefore easily intercepted by attackers. SSH is an essential tool for system administrators, developers, and users who need to access remote servers in a secure manner.

Checking if SSH is installed on Ubuntu

SSH is a commonly used protocol for secure remote access to servers, and it is an essential tool for system administrators. Before enabling SSH on Ubuntu, you need to check whether it's already installed or not.

You can easily check whether the OpenSSH server package is installed on your system by running a simple command in the terminal −

sudo apt-get update 
sudo apt-get install openssh-server 

This command will first update the package list and then install the OpenSSH server if it’s not already installed.

Using the command line to check for SSH installation

If you want to verify whether SSH is installed or not, you can use a simple command in the terminal −

ssh -V 

This command will display the version of OpenSSH client that's currently installed on your system. If you see a message like "command not found" or "package could not be found", then it means that SSH is not currently installed on your Ubuntu system.

Installing SSH if it is not already installed

If you have determined that OpenSSH server isn't yet available on your Ubuntu machine, you can install it using a few simple commands in Terminal −

sudo apt-get update 
sudo apt-get install openssh-server 

The first command will ensure that all of your system's repositories are up-to-date; this step may take several minutes depending upon how old your packages list may be.

The second line installs OpenSSH Server onto your machine. Once this process completes successfully, you should have enabled secure remote access via SSH on Ubuntu!

Editing the sshd_config file to allow remote access

In order to enable SSH on Ubuntu, you need to edit the sshd_config file located at /etc/ssh/sshd_config. This can be done by opening the terminal and entering the command "sudo nano /etc/ssh/sshd_config". Once you have opened sshd_config, find the line that says "PermitRootLogin prohibit-password" and change it to "PermitRootLogin yes".

This will allow root access via SSH. If you want to allow other users to access your system remotely via SSH, add their usernames to the "AllowUsers" section of the file.

Restarting the SSH service for changes to take effect

After editing the sshd_config file, it is important that you restart your SSH service for any changes made in this configuration file (or any other similar configuration files) to take effect. To restart your SSH service on Ubuntu, open a terminal and enter one of these commands −

sudo systemctl restart ssh 

OR

sudo service ssh restart 

By restarting your system's SSH daemon or service after making any necessary configuration changes in "/etc/ssh/sshd_config", all of these new settings will be applied immediately and will take effect as soon as possible.

Configuring Firewall Settings for SSH Access

Firewalls act as a security mechanism to protect your system from unauthorized network traffic. By default, Ubuntu comes with a firewall called UFW (Uncomplicated Firewall) which blocks all incoming connections except for those explicitly allowed by its rules.

Checking Firewall Status on Ubuntu

Before allowing access through the firewall, it is important to ensure that the firewall is actually running and active. The following command can be used to check the status of your firewall −

sudo ufw status 

If UFW is active and running, you will see a message indicating that it is enabled and blocking all incoming connections except those allowed by specific rules.

Allowing Incoming Traffic on Port 22 (Default Port for SSH)

To enable incoming traffic on port 22, we need to add an exception rule for SSH in the UFW configuration file. The following command can be used −

sudo ufw allow ssh 

This will allow incoming traffic on port 22 from any IP address or network.

If you only want to allow access from specific IP addresses or networks, you can specify them in the rule like this −

sudo ufw allow from to any port ssh 

This allows incoming SSH connections only from the specified IP address or network subnet. Once you have added these rules, it is recommended that you restart your firewall to ensure that the changes take effect −

sudo ufw disable && sudo ufw enable 

This command disables and then immediately enables UFW so that new settings are applied.

Creating an SSH Key Pair for Secure Access

Generating a public-private key pair using ssh-keygen

Before setting up SSH access, it is important to generate a secure key pair to use for authentication. The key pair consists of a private key, which will be stored locally on your computer, and a public key, which will be uploaded to the server.

The private key should be kept secure and never shared with anyone. To generate the key pair, open the terminal on Ubuntu and enter the following command −

ssh-keygen

You will then be prompted to enter a passphrase for your private key.

This adds an extra layer of security by requiring someone to have physical access to your computer in addition to the correct passphrase in order to gain access. After entering the passphrase (or leaving it blank if you prefer), press Enter to continue with the default file location and name.

A new public-private key pair will be generated and saved in your home directory under `.ssh/`. The private key will be saved as `id_rsa`, while the public key will be saved as `id_rsa.pub`.

Copying the public key to the server

Once you have generated your SSH keys, you need to copy your public key from your local machine onto the Ubuntu server so that it can authenticate incoming connections. To do this, use ssh-copy-id:

ssh-copy-id username@server_ip_address

Replace `username` with your username on the remote server and `server_ip_address` with its IP address or hostname.

You'll then see output similar to this −

Output 
/usr/bin/ssh-copy-id: INFO: attempting to log in with user: 'username' /usr/bin/ssh-copy-id: INFO: copying ID file '/home/localuser/.ssh/id_rsa.pub' 
to remote host '192.0.2.142' /usr/bin/ssh-copy-id: INFO: attempting to log in with user: 'username' 
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys 
username@192.0.2.142's password: Number of key(s) added: 1 
Now try logging into the machine, with:`ssh 'username@192.0.2.142'` and check to make sure that only the key(s) you wanted were added. 

Enter your remote user account password when prompted and press Enter. Your public key will now be added to the remote server's `authorized_keys` file, allowing you to connect securely using SSH without requiring a password each time.

Conclusion

After following the steps outlined in this guide, you should now have SSH enabled and configured on your Ubuntu machine. Remote access via SSH is a powerful tool that can greatly enhance productivity and ease of use. However, it is important to ensure that the proper security measures are in place to prevent unauthorized access to your system.