Configuring your Ubuntu server to allow SSH access is a fundamental step for remote administration and automation. Secure Shell provides a secure channel over an unsecured network, allowing you to manage your system efficiently. This guide walks through the essential steps to enable and secure SSH, ensuring your server is both accessible and protected from unauthorized entry.
Installing the OpenSSH Server
The OpenSSH server package is typically not installed by default on a minimal Ubuntu installation. You must first install this package to enable the daemon that handles incoming connections. The package is available through the default APT repository, ensuring a reliable and verified installation.
Updating Package Index
Before installing any new software, it is best practice to update the local package index. This ensures you are installing the latest available version of the software. Run the following command to synchronize the package lists from the repositories.
sudo apt update Installing the Package With the index updated, you can proceed to install the `openssh-server` package. This action downloads the necessary files, configures the service to start automatically, and sets up the basic directory structure required for operation.
Installing the Package
sudo apt install openssh-server Verifying the SSH Service Status After the installation completes, the SSH daemon should start automatically. It is important to verify that the service is active and running without errors. This confirms that the systemd unit file is correctly configured and the daemon is listening for connections.
Verifying the SSH Service Status
Checking Active Status
Use the `systemctl` command to query the status of the SSH service. A green "active (running)" state indicates that the process is operational. If the service is inactive, you may need to start it manually or check the logs for configuration issues.
sudo systemctl status ssh Adjusting the Firewall Configuration Ubuntu servers often utilize `UFW` (Uncomplicated Firewall) to manage network access rules. By default, enabling the firewall will block all incoming connections, including SSH. You must explicitly allow the SSH port to prevent locking yourself out of the server.
Adjusting the Firewall Configuration
Allowing SSH Through UFW
To permit incoming SSH traffic, you need to add a rule to the firewall configuration. The most straightforward method is to allow the "OpenSSH" application profile, which defines the standard port 22. Ensure you enable the firewall *after* adding this rule to maintain access.
sudo ufw allow OpenSSH sudo ufw enable Connecting to the Server via SSH With the server configured, you can now establish a remote connection. The `ssh` command on your client machine initiates a secure session. You will need the IP address of the server and a valid user account with shell access.
Connecting to the Server via SSH
Basic Connection Command
The simplest way to connect is to specify your username and the server's IP address or hostname. Upon first connection, the client will store the server's host key for security verification. You will then be prompted to enter the password associated with your user account.
ssh username@server_ip_address Hardening SSH Security Settings Allowing SSH is not sufficient; securing it is critical to maintaining system integrity. Default configurations can be vulnerable to brute-force attacks and outdated cryptographic standards. You should modify the main configuration file to disable remote root login and enforce key-based authentication.
Hardening SSH Security Settings
Editing the Configuration File
The main SSH daemon configuration is located at `/etc/ssh/sshd_config`. Use a text editor like `nano` or `vim` to modify the settings. Key directives include `PermitRootLogin` to disable direct root access and `PasswordAuthentication` to turn off password logins in favor of SSH keys.
