Linux has always had strong support for SSH, and Ubuntu is no different. We’ll walk through a basic installation of an SSH server, and some basic security configuration as well. The default SSH server package for Ubuntu is OpenSSH Server, which we’ll use here.
First, you’ll need to install OpenSSH Server. To do so, open up a Terminal window and type the following command:
sudo apt-get install openssh-server
Enter your password to authenticate, and the apt utility will download and install OpenSSH Server for you. Depending on the speed of your Internet connection and your computer, the installation may take several minutes.
Once the installation has finished, return to the Terminal window. We’ll need to make a few changes to your /etc/ssh/sshd_config file in order to increase SSH’s security. First, as always, we’ll want to make a backup copy of your sshd_config file in case anything goes wrong. Type this command into the Terminal:
sudo cp /etc/ssh/sshd_config ~
This will make a backup copy of the sshd_config file in your home directory.
Next, we’ll need to edit the sshd_config file itself. So it’s time to use your skills in vi again:
sudo vi /etc/ssh/sshd_config
Like almost every other server software package, SSH is controlled by a number of directives in its configuration file. The default installation of OpenSSH server is reasonably secure. However, you might want to make a few changes to tighten up its security to additional degree.
The “PermitRootLogin” directive is one you’ll want to change. Once you’re editing the /etc/ssh/sshd_config file, you’ll want to change the following directive as follows:
This will keep anyone from attempting to log into your server via SSH as root. It’s generally a good idea not to allow any to log into your SSH server as root. If an attacker manages to hack into your SSH server with the root login, he will have complete control over your machine, and that is definitely not a good thing.
Another directive you might want to change is the “AllowUsers.” When the AllowUsers directive is active, only users specifically specified in the directive can access the system through SSH. This adds an additional layer of protection to your SSH server by only allowing specific users to connect via SSH. For instance, if you wanted to limit SSH access to just the “camalas” user account, edit the AllowUsers directive like this:
To add multiple users to the AllowUsers directive, just add them one by one without commas or semicolons. An AllowUsers directive that permits the camalas user account and the lmaraeus user account to log in would look like this:
AllowUsers camalas lmaraeus
You may also want to consider changing the Port directive. By default SSH runs over TCP/IP port 22, which means that any malware bot autoscanning port 22 can target it. If you set up your user accounts with a weak password (always a bad idea), eventually an automated bot might break through and guess the password. Changing the Port directive to something different will make SSH run over a different port, blocking some of those automated cracking attempts. To set SSH to run over port 5699 instead, make sure your Port directive looks like this:
Note that if you change your SSH server’s default port, you’ll need to remember the new port number when using an SSH client, which we’ll cover in the next section.
After you’ve finished changing the directives in /etc/ssh/sshd_config, switch vi to command mode, and save and quit vi. After you return to the command line, restart the SSH daemon with this command:
sudo /etc/init.d/ssh restart
You should now be able to SSH into your Ubuntu machine from another system with an SSH client.
Was this post helpful? These books might be useful: