Security is always a concern for remote communication between server and client. The first and most common solution to improve the security of a remote client-to-server connection is to enable SSH. Now your question is, what is SSH that can provide the security we expect in communicating with the server?
SSH stands for Secure Shell, a network encryption protocol that secures interactions between a server and a client. Using the SSH protocol, you can execute commands and logins remotely through local or remote networks on machines in a secure environment. SSH protocol is the safest and best way to access and manage the server because it encrypts all the data and files that are transferred through the network when connecting to the server.
So by enabling SSH on your Linux systems which Ubuntu is one of the most widely used Linux distributions, you can use network services without worry and connect to your Linux system remotely. You can also transfer your data without accepting possible risks and protect the data and commands you run on your local desktop command line.
So we come to the exciting part, how to enable SSH on the Ubuntu Linux system?
If you want to install and configure the SSH protocol on the Ubuntu Linux system, read this article to the end and follow the instructions in this article.
If you are reading this tutorial now, you most likely have an Ubuntu Linux server or are planning to buy a Linux VPS and run Ubuntu on it, and are looking for a secure way to connect to your Linux server. Therefore, having a Linux VPS with Ubuntu operating system is one of the prerequisites for this training. Then you need to consider the following to install and configure SSH on Ubuntu.
- Having sudo or root user privileges
- Having the necessary privileges to communicate with the remote machine
- Ensuring that the apt-get tool is loaded in the Ubuntu operating system (Ubuntu operating system usually has this tool.)
- Access to the command line
Installing and configuring SSH on Ubuntu
Before starting the process of enabling SSH on the Ubuntu server, as a root user or using sudo privileges, enter the terminal environment of your Linux system by pressing the Ctrl+Alt+T buttons. first, check if the SSH server is already started on your system using the SSH command:
By receiving the “Connection Refused” message, you will be sure that the SSH server is not installed on your system. Usually, you cannot use the default SSH protocol to connect to the Ubuntu server that you set up for the first time. For this reason, you must enable SSH on the Ubuntu server.
Step 1: Start the process of enabling SSH on the Ubuntu server by installing the OpenSSH-server package. Since you can find the OpenSSH-server package in the Ubuntu repository, it is better to update the package repository cache first, and then install the OpenSSH-server package by running the following commands:
sudo apt update sudo apt install openssh-server
You may be asked to enter your password to authorize the installation process and press Y (Yes) to confirm.
Step 2: After you have successfully installed the SSH server, you can enter the following command to ensure that SSH is installed and running:
sudo systemctl status ssh
ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Sun 2022-06-01 10:40:00 CEST; 9h ago ...
Viewing Active: active (running) indicates that SSH is active and running on the remote system.
You can return to the command line by pressing the “q” button.
Connecting to a remote server via SSH
After enabling SSH in Ubuntu you can now connect to the remote system via SSH. In this case, you must execute the SSH command and the IP address and username as follows:
ssh username@public_IP –p22
It is better to replace the IP address and username of the Ubuntu system on which we activated SSH instead of your IP address and username.
If you have forgotten your IP address or for any reason you do not know what your IP address is, you can identify your IP address with the help of the following command:
In the output you will receive, you will see the public IP address of the device on which SSH is installed.
After you have identified the IP Address and the necessary information, you can connect to your remote server and manage it from your workstation in a secure way.
When you connect to the remote server by executing the SSH command, you will receive a message that you must type yes to continue the process and enter the password if asked; Then you will be greeted with the default Ubuntu welcome message that congratulates you on logging into the Ubuntu system.
Connecting SSH server behind NAT
If you want to connect to your home Ubuntu system via the Internet, you need to know your public IP address and apply the necessary settings on the router to receive data on port 22 and send it to the Ubuntu system running SSH.
To access the public IP address of the system you want to connect to via SSH, just visit https://api.ipify.org.
Since the method of setting up port forwarding is different in each router, you must refer to your router’s documentation to set up port forwarding.
In general, you should use the private IP address of the system that runs SSH, which you saw through the
ip acommand, and the port number where the requests are made, which is usually 22 by default for SSH.
After making the necessary configurations on the router and finding the IP address, run the following command to connect:
We recommend that you use security methods when connecting, especially when your system connects to the Internet. Configure the router in such a way that when SSH traffic is received on a non-standard port, it will be forwarded to port 22 on the system where SSH is enabled. Configuring SSH key-based authentication is another secure way to connect to an Ubuntu system.
Required SSH configurations
After installing and running OpenSSH in Ubuntu, you can configure various things in SSH. One of the useful changes to improve security can be changing the default port and disabling the Root user, and other necessary configurations are also possible, we will teach the most common configurations in the following.
If the firewall is active on the Ubuntu system. You need to open the SSH port on it. In the Ubuntu system, there is a UFW firewall configuration tool, which we will use to open the SSH port:
sudo ufw allow ssh
Changing the default port number is one of the common security methods because everyone is aware of the default ports, so it is better to change the default port number to increase security. Follow the command format below to change the default port and configure the firewall to allow traffic on the specified port:
Taking port 2222 as an example, the firewall will be configured as follows.
sudo ufw allow from any to any port 2222 proto tcp
In some firewalls, it is necessary to do the configuration to allow the traffic to the public IP address of the system on which SSH is active.
Note that the above command is for situations where you want to change the default port and specify your own defined port. If you use the default port 22, you do not need to specify a port number.
As a result, you will now be allowed to connect to the Ubuntu system from the remote system through the SSH protocol. In Linux and macOS systems, SSH clients are installed by default. In Windows systems, use an SSH client such as PuTTY to connect.
Change in SSH configuration file
You can make changes in the configuration file after enabling SSH in the Ubuntu system.
To edit the SSH configuration file, open the file by running the nano command (it is one of the Linux text editors that we previously introduced you to how to use Nano):
sudo nano /etc/ssh/sshd_config
You can open the SSH configuration file with any Linux text editor and then make the necessary edits.
Editing is not difficult, for example, if you want to change the default port number of TPC for listening, just find the line containing the default port number in the output of the above command and change it to the desired port number.
Deactivation of Root
To improve security, it is useful to disable remote root access. To do this, in the configuration file, make an edit in the line that includes the phrase” PermitRootLogin_yes” and replace the phrase “PermitRootLogin_no” instead of the phrase PermitRootLogin_yes.
After you have made the required change, restart the SSH service via the following command to make sure the changes take effect:
sudo systemctl restart sshd.service
Disabling the SSH service in Ubuntu
If you find yourself in a situation where you want to temporarily disable the SSH service in Ubuntu, simply stop the SSH service by running the following command:
sudo service ssh stop
Use the following command to start the SSH service:
sudo service ssh start
If you don’t need SSH service at all and you want to completely disable SSH service in Ubuntu, run the following command after reboot:
sudo systemctl disable ssh
To activate the SSH service in Ubuntu, first reboot the system and then enter the following command:
sudo systemctl enable ssh
Connecting via SSH provides a secure mechanism for remote SSH client management. It also encrypts and authenticates the server and client communications.
SSH authentication is not limited to the password to connect to the remote server, but It also applies to devices. Therefore, through SSH, you can make connections and interactions between the remote server and the client more secure.
You must first enter the terminal and execute the SSH command:
Then, if the system supports running SSH commands and you can use the ssh-keygen command for various purposes in the command line, then SSH is enabled on your Ubuntu system. But if you get Connection Refused message then you need to enable SSH on your Linux system.
By default, SSH runs on port number 22, but in exceptional cases, other ports can also be run.
Enabling the secure and reliable SSH protocol as an additional security shell on your system will reduce the risks of attacks and allow you to communicate with the remote system securely and perform daily sysadmin tasks in the desktop terminal environment of your system in a secure environment.
In this tutorial, we explained the steps to enable SSH service in Ubuntu and also guide you in the necessary configurations that can increase the security of connecting to the remote system. Refer to Ubuntu configuration guide pages and the SSH official page can guide you more in the field of SSH server configuration in Ubuntu. If you encounter a problem in this article and have a question, share it with us in the comments section so that we can guide you.
Thank you for choosing our article to read.