Sunday, September 25, 2022

Enable and Configure SSH on Ubuntu 22.04

In this guide, we want to teach you to Enable and Configure SSH on Ubuntu 22.04.

SSH or Secure Shell is a network communication protocol that enables two computers to communicate (c.f http or hypertext transfer protocol, which is the protocol used to transfer hypertext such as web pages) and share data. An inherent feature of ssh is that the communication between the two computers is encrypted, which is suitable for use on insecure networks.

SSH is often used to “log in” and perform operations on remote computers but may also be used to transfer data.

Steps To Enable and Configure SSH on Ubuntu 22.04

To complete this guide, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our guide the Initial Server Setup with Ubuntu 22.04.

Install OpenSSH on Ubuntu 22.04

First, you need to update your local package index with the command below:

sudo apt update

By default, SSH is installed on Ubuntu 22.04. To verify this, run the command below:

ssh -V
Output
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020

Note: This information does not mean that you have an SSH server running on your server, it only means that you are currently able to connect as a client to SSH servers.

Then, use the command below to install OpenSSH:

sudo apt install openssh-server

When your installation is completed, enable your service to start on boot:

sudo systemctl enable ssh

Check your SSH status with the command below:

sudo systemctl status sshd

In your output you should see:

Output
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: e>
     Active: active (running) since Sun 2022-09-18 09:06:37 CEST; 2min 57s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 1960 (sshd)
      Tasks: 1 (limit: 2282)
     Memory: 1.8M
     CGroup: /system.slice/ssh.service
             └─1960 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups

By default, your SSH server is listening on port 22 (which is the default SSH port).

You can check that the SSH server is listening on port 22 with the netstat command:

netstat -tulpn | grep 22
Output
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1960/sshd: /usr/sbi
tcp6       0      0 :::22                   :::*                    LISTEN      1960/sshd: /usr/sbi

Configure Firewall for SSH

At this point, you need to allow SSH traffic on the UFW firewall.

To enable SSH connections on your Ubuntu 22.04, run the command below:

sudo ufw allow ssh

Now you can check your UFW status:

sudo ufw status
Output
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)

Configure SSH Server on Ubuntu 22.04

As you know, SSH configuration files are located in the /etc/ssh folder.

In this directory, you are going to find many different files and folders, but the most important ones are :

  • ssh_config: is used in order to configure SSH clients. It means that it defines rules that are applied every time you use SSH to connect to a remote host or to transfer files between hosts;
  • sshd_config: is used in order to configure your SSH server. It is used for example to define the reachable SSH port or to deny specific users from communicating with your server.

In this tutorial, we are going to focus on the server part of the configuration.

Change SSH Default Port

To secure your SSH server, it’s recommended to change the SSH default port on Ubuntu 22.04.

Open the sshd_config file with your favorite text editor, here we use vi:

sudo vi /etc/ssh/sshd_config

Find the port line, and change it to your desired value, here we change it to 2222:

Port 2222

When you are done, save and close the file.

Note: Be careful when you change your default SSH port, you will have to specify it when connecting to it.

Disable Root Login on your SSH Server

By default, on recent distributions, root login is set to “prohibit-password”.

This option means that all interactive authentication methods are banned, allowing only public keys to be used.

In short, you need to set up SSH keys and use them in order to connect as a root.

However, even if you connect without a password, root login is not recommended: if keys are compromised, your entire host is compromised.

As a consequence, you can set this option to “no” in order to restrict it completely.

Again open the SSH server config file on Ubuntu 22.04:

sudo vi /etc/ssh/sshd_config

Find the line below and set it to no:

PermitRootLogin no

When you are done, save and close the file.

To apply these changes, restart the SSH service:

sudo systemctl restart sshd

You can also use the “netstat” command as we already did in the previous sections:

netstat -tulpn | grep 2222
Output
tcp        0      0 0.0.0.0:2222            0.0.0.0:*               LISTEN      3199/sshd: /usr/sbi
tcp6       0      0 :::2222                 :::*                    LISTEN      3199/sshd: /usr/sbi

How To Connect to SSH Server

At this point, you can easily connect to your SSH server by using the command below:

ssh -p <port> <username>@<ip_address>

For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command:

ssh -p 2222 <user>@127.0.0.1

You will be asked to provide your password and to certify that the authenticity of the server is correct.

To exit from your SSH server on Ubuntu 22.04, you can hit Ctrl + D or type ‘logout’ and your connection will be terminated.

Disable SSH server

If you plan to disable your SSH server, you can use the following command:

sudo systemctl stop sshd 

Check your SSH service status:

sudo systemctl status sshd
Output
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: e>
     Active: inactive (dead) since Sun 2022-09-18 09:47:17 CEST; 5s ago
       Docs: man:sshd(8)
             man:sshd_config(5)
    Process: 3191 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
    Process: 3199 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=0>
   Main PID: 3199 (code=exited, status=0/SUCCESS)

From there, your SSH server won’t be accessible anymore.

Conclusion

In this tutorial, you learned to Enable and Configure your SSH server on Ubuntu 22.04

With this tutorial, you also learned how to configure your SSH server in order for it to be robust enough for basic attacks.

You may be like these articles:

How To Set up CSF Firewall on Ubuntu 22.04

Secure Nginx with Let’s Encrypt on Ubuntu 22.04

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles

POPULAR TAGS

Most Popular