Enable and Configure SSH on Ubuntu 22.04
In this guide, we show you how to enable and configure SSH on Ubuntu 22.04.
SSH, or Secure Shell, is a network protocol that lets two computers communicate and share data (compare HTTP, the Hypertext Transfer Protocol, which is used to transfer hypertext such as web pages). Communication between the two computers is encrypted, which makes SSH suitable for use on insecure networks.
SSH is often used to “log in” and perform operations on remote computers but may also be used to transfer data.
Steps To Enable and Configure SSH on Ubuntu 22.04
To complete this guide, you must log in to your server as a non-root user with sudo privileges and set up a basic firewall. To do this, you can follow our guide on Initial Server Setup with Ubuntu 22.04.
Install OpenSSH on Ubuntu 22.04
First, you need to update your local package index with the command below:
sudo apt update
By default, the SSH client is installed on Ubuntu 22.04. To verify this, run the command below:
ssh -V
Output
OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f 31 Mar 2020
Note: This output does not mean that an SSH server is running on your machine. It only means that you can connect as a client to SSH servers.
Then, use the command below to install OpenSSH:
sudo apt install openssh-server
When your installation is completed, enable your service to start on boot:
sudo systemctl enable ssh
Check your SSH status with the command below:
sudo systemctl status sshd
In your output you should see:
Output
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: e>
Active: active (running) since Sun 2022-09-18 09:06:37 CEST; 2min 57s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 1960 (sshd)
Tasks: 1 (limit: 2282)
Memory: 1.8M
CGroup: /system.slice/ssh.service
└─1960 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups
By default, your SSH server listens on port 22.
You can check this with the netstat command (netstat is part of the net-tools package, and it needs sudo to show the process name):
sudo netstat -tulpn | grep 22
Output
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1960/sshd: /usr/sbi
tcp6 0 0 :::22 :::* LISTEN 1960/sshd: /usr/sbi
Configure Firewall for SSH
At this point, you need to allow SSH traffic through the UFW firewall.
To allow SSH connections on Ubuntu 22.04, run the command below:
sudo ufw allow ssh
Now you can check your UFW status:
sudo ufw status
Output
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
Configure SSH Server on Ubuntu 22.04
SSH configuration files are located in the /etc/ssh directory.
This directory contains many files and folders, but the most important ones are:
- ssh_config: configures SSH clients. It defines rules that are applied every time you use SSH to connect to a remote host or to transfer files between hosts;
- sshd_config: configures your SSH server. It is used, for example, to define the port the server listens on or to deny specific users access to your server.
In this tutorial, we are going to focus on the server part of the configuration.
Change SSH Default Port
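To secure your SSH server, it's recommended to change the SSH default port on Ubuntu 22.04. A non-default port mainly cuts down on automated scans aimed at port 22; it does not replace strong authentication.
Open the sshd_config file with your favorite text editor. Here we use vi: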
sudo vi /etc/ssh/sshd_config
Find the Port line (remove the leading # if the line is commented out) and change it to your desired value. Here we change it to 2222:
Port 2222
When you are done, save and close the file.
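Note: Be careful when you change your default SSH port. You will have to specify it when connecting, and the UFW rule added earlier only covers port 22, so the new port must be allowed in the firewall as well before you restart the service.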
Disable Root Login on your SSH Server
By default, on recent distributions, root login is set to “prohibit-password”.
This option means that all interactive authentication methods are banned, allowing only public keys to be used.
In short, you need to set up SSH keys and use them in order to connect as root.
However, even if you connect without a password, root login is not recommended: if the keys are compromised, your entire host is compromised.
As a consequence, you can set this option to “no” in order to disable root login completely.
Open the SSH server config file again:
sudo vi /etc/ssh/sshd_config
Find the line below (remove the leading # if it is commented out) and set it to no:
PermitRootLogin no
When you are done, save and close the file.
To apply these changes, restart the SSH service. Keep your current session open until you have confirmed that you can log in on the new port:
sudo systemctl restart sshd
Then confirm that the server now listens on the new port, using the netstat command as in the previous section:
sudo netstat -tulpn | grep 2222
Output
tcp 0 0 0.0.0.0:2222 0.0.0.0:* LISTEN 3199/sshd: /usr/sbi
tcp6 0 0 :::2222 :::* LISTEN 3199/sshd: /usr/sbi
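Added example, not part of the original guide: a small shell audit that reads an sshd_config-style file and reports whether the two changes above are actually in effect. It relies on two sshd_config rules (several Port lines may be active, while for PermitRootLogin the first value found wins); the function names, the sample file and the finding messages are assumptions made for this illustration.

```bash
#!/usr/bin/env bash
# Added example: audit an sshd_config-style file for the two settings this
# guide changes. Include files and Match blocks are not resolved here; on a
# live server `sudo sshd -T` prints the configuration sshd really uses.

# values FILE KEYWORD: print every active value of KEYWORD in the global
# section (before the first Match block), in file order.
values() {
  awk -v k="$2" '
    /^[ \t]*(#|$)/ { next }                       # comments, blank lines
    { split($0, f, /[ \t=]+/); i = (f[1] == "" ? 2 : 1) }
    tolower(f[i]) == "match" { exit }             # global section ends
    tolower(f[i]) == tolower(k) { print f[i + 1] }
  ' "$1"
}

# audit FILE: print findings; the return status is the number of findings.
audit() {
  local findings=0 ports root
  ports=$(values "$1" Port)                       # Port may repeat; all apply
  root=$(values "$1" PermitRootLogin | head -n 1 | tr '[:upper:]' '[:lower:]')
  # Defaults when the keyword is absent or only present as a comment.
  ports=${ports:-22}; root=${root:-prohibit-password}
  if printf '%s\n' "$ports" | grep -qx 22; then
    echo "FINDING: sshd still listens on default port 22"
    findings=$((findings + 1))
  fi
  if [ "$root" != "no" ]; then
    echo "FINDING: PermitRootLogin is '$root' (first value wins), not 'no'"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Constructed sample: the admin appended "PermitRootLogin no" but left an
# earlier active line in place, so the later line is ignored.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
#Port 22
Port 2222
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
Match User backup
    PermitRootLogin forced-commands-only
EOF

audit "$SAMPLE" || echo "findings: $?"
```

To audit a real server, pass a copy of /etc/ssh/sshd_config as the argument and compare the result with the output of `sudo sshd -T`.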
How To Connect to SSH Server
At this point, you can easily connect to your SSH server by using the command below:
ssh -p <port> <username>@<ip_address>
For example, in order to connect to my own instance located at 127.0.0.1, I would run the following command:
ssh -p 2222 <user>@127.0.0.1
On the first connection, you will be asked to confirm the authenticity of the server, and then to provide your password.
To exit from your SSH session on Ubuntu 22.04, press Ctrl + D or type ‘logout’, and your connection will be terminated.
Disable SSH server
If you want to stop your SSH server, you can use the following command:
sudo systemctl stop sshd
Check your SSH service status:
sudo systemctl status sshd
Output
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: e>
Active: inactive (dead) since Sun 2022-09-18 09:47:17 CEST; 5s ago
Docs: man:sshd(8)
man:sshd_config(5)
Process: 3191 ExecStartPre=/usr/sbin/sshd -t (code=exited, status=0/SUCCESS)
Process: 3199 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS (code=exited, status=0>
Main PID: 3199 (code=exited, status=0/SUCCESS)
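From there, your SSH server won’t be accessible anymore. Note that the output above still shows the service as enabled: stopping it does not prevent it from starting again at the next boot unless you also disable it with systemctl.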
Conclusion
In this tutorial, you learned how to enable and configure your SSH server on Ubuntu 22.04.
You also learned how to configure your SSH server so that it is robust against basic attacks.