Configuring SSH on Ubuntu is a foundational skill for any system administrator or developer working with remote servers. Secure Shell provides a robust and encrypted method to manage your systems, transfer files, and execute commands without exposing sensitive data to interception. This guide walks through the entire process, from initial installation to advanced security hardening, ensuring your connections are both reliable and protected.
Understanding the SSH Service on Ubuntu
Before diving into configuration, it helps to understand the underlying architecture. Ubuntu utilizes OpenSSH, a mature and widely-adopted implementation of the protocol. The primary daemon responsible for handling incoming connections is sshd , while the ssh client allows you to connect to other machines. By default, the service is configured to listen on port 22, but this is often the first target for automated attacks. A solid configuration balances accessibility with security, ensuring only authorized users can gain entry.
Installing and Starting the SSH Server
Most Ubuntu installations include the SSH client by default, but the server component might be missing if you set up a minimal image. To install the server, you will use the Advanced Package Tool. Once installed, the service usually starts automatically, but you can manage its state manually to suit your workflow.
Installation Commands
Update the package index: sudo apt update
Install the OpenSSH server: sudo apt install openssh-server
Check the service status: sudo systemctl status ssh
Adjusting the Firewall for SSH Access
If you have a firewall enabled, which is common on production servers, you must explicitly allow traffic on the port you intend to use. Ubuntu uses ufw (Uncomplicated Firewall) to manage these rules. Opening the port ensures that your connection attempts are not silently dropped by the kernel, which would otherwise result in timeouts and confusion.
Configuring UFW
Allow SSH from default port: sudo ufw allow ssh
Alternatively, allow specific port: sudo ufw allow 222/tcp
Reload the firewall: sudo ufw reload
Modifying the Main Configuration File
The heart of SSH configuration lies in /etc/ssh/sshd_config . This text file contains hundreds of directives, but only a handful are necessary for a secure and efficient setup. You should always back up this file before making changes, as a single typo can lock you out of the server. Using a syntax checker before restarting the service can prevent these costly mistakes.
