Configuring SSH on Ubuntu is a foundational skill for any system administrator or developer working with remote servers. The Secure Shell protocol provides a secure channel over an unsecured network, allowing you to manage your systems safely. This guide walks through the essential steps to set up and harden SSH on an Ubuntu machine, from installation to advanced security configurations.
Installing the OpenSSH Server
Before you can configure SSH, you need to ensure the OpenSSH server is installed on your Ubuntu system. By default, Ubuntu Desktop does not include this server, while Ubuntu Server typically has it pre-installed. You can easily install it using the APT package manager if it is missing.
Open your terminal and update your package list to ensure you are installing the latest version available. Then, install the openssh-server package. Once installed, the SSH service will start automatically, and you can verify its status to confirm it is running correctly.
Basic Installation Commands
sudo apt update && sudo apt upgrade
sudo apt install openssh-server
sudo systemctl status ssh
Configuring the Firewall
With the server running, you must ensure your firewall allows incoming connections on the default SSH port, which is 22. Ubuntu uses UFW (Uncomplicated Firewall) as its front-end for managing iptables, making this process straightforward. Allowing traffic before testing your connection is critical to avoid locking yourself out of the server.
You can check the application profiles UFW recognizes and then enable the profile for SSH. This ensures that the firewall rules are applied correctly to the SSH service, maintaining a secure perimeter around your system.
Firewall Configuration Steps
sudo ufw allow ssh
sudo ufw status
sudo ufw allow 22/tcp (Alternative specific port command)
Modifying the SSH Configuration File
The main configuration file for the SSH daemon is located at /etc/ssh/sshd_config . This file contains a wide range of directives that control how the server behaves. To apply changes, you will need to edit this file using a text editor like Nano and then restart the SSH service to reload the configuration.
It is highly recommended to create a backup of this file before making any changes. This provides a safe rollback point if a configuration error locks you out. Always test your new configuration in a separate terminal window before closing your current session.
Key Configuration Options
Implementing Key-Based Authentication
Passwords are vulnerable to brute-force attacks, while SSH keys provide a significantly more secure method of authentication. This process involves generating a public/private key pair on your local machine and placing the public key onto the Ubuntu server. The private key remains on your local machine and proves your identity without transmitting a password over the network.
