How to Enable SSH on Ubuntu

Introduction

When establishing a remote connection between a client and a server, the primary concern is security. For Linux users, the best practice for accessing and managing a server remotely is through the cryptographic protocol known as Secure Shell (SSH).

SSH encrypts all data transferred from one machine to another, ensuring no sensitive information is compromised.

In this tutorial, you will learn to enable and configure SSH on Ubuntu and troubleshoot common errors.

How to enable SSH on Ubuntu - a tutorial.

Prerequisites

  • A machine running Ubuntu (this guide is tested on Ubuntu 18.04, 20.04, 22.04, and 24.04).
  • A user account with root privileges.
  • Access to the terminal (Ctrl + Alt + T).

How to Enable SSH on Ubuntu

The SSH server is not installed by default on all Ubuntu versions. To install and enable SSH on Ubuntu, follow the steps below:

1. Open the terminal and check if an SSH server is already installed on your machine. Run the following ssh command:

ssh localhost
SSH locahost connection refused

If you see the SSH "Connection Refused" message, SSH is not installed on your machine, and you can proceed with the installation steps.

2. To ensure you install the latest SSH version, update the package repository index:

sudo apt update

3. Install the OpenSSH software package by running:

sudo apt install openssh-server
sudo apt-get install openssh-server terminal output

When prompted, type y and press Enter to permit the installation.

4. Verify the installation was successful and that SSH is running:

sudo service ssh status
sudo service ssh status terminal output

The confirmation message that you are looking for is: Active: active (running). If the service is not running, start it with:

sudo service ssh start

5. Return to the command line prompt with q.

Ubuntu SSH Configuration

The default SSH configuration options can be modified. You can change the default port (generally a good idea, as a precautionary security measure), disable the root user, or make other configuration adjustments.

The sections below show how to configure your SSH installation.

Edit SSH Configuration File on Ubuntu

After installing OpenSSH on Ubuntu, edit its configuration file to improve connection security significantly. Follow the steps below:

1. Open the SSH configuration file using a text editor such as nano:

sudo nano /etc/ssh/sshd_config

2. Change the default port number. For example, set the service to listen on the TCP port 2973 instead of the default TCP port 22. In the configuration file, find the line in which Port 22 is specified by default, uncomment the line, and change it to the port you want:

Configuring SSH to listen to a port other than 22.

Note: Changing the default port number is an SSH security best practice. Everyone is aware of the default port number so changing it is a recommended security precaution.

Disable Root Login

Another critical security precaution is to disable remote root access. That way, the root user cannot be invoked remotely, and security will be significantly improved.

1. In the configuration file, find the following line:

PermitRootLogin_yes

Uncomment and change the line to:

PermitRootLogin_no

If the line does not exist, add it to the file.

2. For the changes to take effect, restart the SSH service with the following command:

sudo systemctl restart sshd.service

Configure Firewall: Change Default Port

If you have decided to change the default port number, you must configure your firewall to allow traffic via the specified port. Let's use the example of Port 2973.

The default firewall configurations tool in Ubuntu is UFW. Configure UFW to allow traffic through port 2973 with the following command:

sudo ufw allow from any to any port 2973 proto tcp
Allowing a specific port through the ufw firewall.

Some firewalls may require allowing traffic to the public IP address of the machine running SSH.

Note: The port 2973 is the port number we have defined in the Configure SSH section. If you used the default port 22, then it is not necessary to put the port number.

How to Connect to Ubuntu via SSH

Once you enable SSH on Ubuntu, you are ready to log into your remote machine.

Open the terminal and use the following syntax to log in:

ssh [username]@[public_IP] -p[port_number]
  • [username] is the username of the account you want to access on the remote server.
  • [public_IP] is the public IP address of the remote server or computer you want to connect to.
  • -p[port_number] is the port number to use for the SSH connection.

For example:

ssh port 22 local terminal output

Change the username and IP address to the username and IP address of the Ubuntu computer on which you have installed SSH.

To find the IP address of the remote machine, open the terminal on the machine and run the following command:

ip a
ip a terminal output

The command displays the public IP address of the machine where SSH was installed.

Once you have identified and typed in all the information, you are logged into the server.

Note: Read more about secure remote access best practices.

Common SSH Commands for Ubuntu

After enabling SSH on Ubuntu, several key commands can enhance the remote management experience. These commands allow users to efficiently connect, manage, and secure their remote sessions.

Note: This section lists the few most common commands. For more information, refer to our guide to SSH commands with 25 examples and a free, downloadable cheat sheet.

1. Connect to a remote machine:

Connect to a remote machine via SSH using the following syntax:

ssh [user]@[remote_host]

Replace [user] with the username and [remote_host] with the IP address or hostname.

2. Use a specific port for SSH:

Connect to a remote machine using a specific port with:

ssh -p[port_number] [user]@[remote_host]

The -p option allows you to specify a custom port number to use to establish an SSH connection. Specify it if you have changed the connection port in your SSH configuration file.

3. Copy files between local and remote machines:

Use the scp command to seamlessly copy files from your local machine to the remote one and vice versa. The syntax is:

scp [file] [user]@[remote_host]:/path/to/destination
  • [file] - The name of the file you want to copy from your local system.
  • [user] - The username on the remote server.
  • [remote_host] - The IP address or hostname of the remote server.
  • /path/to/destination - The directory on the remote server where you want to copy the file.

4. Add an SSH key to a remote machine:

The ssh-copy-id command sets up key-based authentication by copying your public SSH key to a remote server. This allows you to log in to the server without using a password, making the connection both more convenient and secure.

The syntax is:

ssh-copy-id user@remote_host

The command transfers your public key (~/.ssh/id_rsa.pub) to the remote server. Make sure to generate the SSH keys beforehand.

Note: For more information, refer to our guide to passwordless SSH.

5. Check your SSH connection status:

Use the -v option (verbose mode) to display detailed information about the SSH connection process. This is useful when troubleshooting connection problems or trying to understand what happens during the authentication and session setup. The syntax is:

ssh -v [user]@[remote_host]

Note: Learn everything about SSH port forwarding (SSH tunneling).

Troubleshooting Common SSH Errors on Ubuntu

Several common errors can occur when using SSH to connect to remote servers. Below are solutions that combine network, DNS, and configuration-related troubleshooting steps.

Hostname Resolution Failed

This error occurs when the client is unable to resolve the SSH host to a network address. Although it is usually related to DNS issues, the problem could also stem from a typo or a misconfigured /etc/hosts file. The error looks similar to the following:

ssh: Could not resolve hostname example.com: Name or service not known

To resolve the issue, try one of the following:

  • Check hostname spelling. Verify that you typed the hostname correctly. Small typos can lead to connection failures.
  • Ping the server. Use the ping command to ensure the hostname is correctly resolving on your machine.
  • Use the IP address. As a temporary workaround, try to connect directly using the server's IP address instead of the hostname.
  • Check DNS resolution. Use a third-party tool like whatsmydns.net to verify whether DNS records are propagating correctly outside your network. You can also check DNS configuration locally by reviewing the /etc/resolv.conf file or the DNS settings for your machine.

Connection Timeout

A connection timeout occurs when the client tries to establish a connection, but the server does not respond in time. The cause could be a firewall blocking the connection, an incorrect IP address, or a network issue. The error looks similar to the one below:

ssh: connect to host 203.0.113.0 port 22: Connection timed out

To resolve the issue:

  • Verify the IP address. Double-check that the IP address or hostname you are connecting to is correct.
  • Check network restrictions. Some networks may block port 22 or custom SSH ports. Test SSH connectivity with a known working server on the same port to verify if the issue is network-specific.
  • Use alternative ports. If your SSH server uses a non-standard port, specify it in your command.
  • Ping the server. Use the ping command to test if the server is reachable.
  • Check firewall rules: On the server, ensure that SSH traffic is allowed through the firewall. If you are using UFW, run:
sudo ufw allow ssh

Permission Denied

The "permission denied" error occurs when the server does not accept your public key for authentication. It is usually caused by an incorrect key configuration or incorrect permissions on the remote server. The error looks like the following:

Permission denied (publickey)

Solution:

  • Ensure your public key is copied correctly. Use ssh-copy-id from the section above to copy your key to the remote server.
  • Check file permissions. Ensure that the .ssh directory and authorized_keys file on the remote server have the correct permissions. Use the chmod command to change the file permissions:
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Connection Refused

The connection refused error means the client could reach the host, but the SSH server is not accepting the connection. The reason for the error could be because the SSH service is down, listening on a different port, or firewall rules are blocking the connection. An example of the error is below:

ssh: connect to host 203.0.113.0 port 22: Connection refused

To resolve the issue:

  • Verify SSH is running on the server. Make sure that the SSH service is up and running:
sudo systemctl status ssh

If the command returns an inactive status, start it with:

sudo systemctl start ssh
  • Ensure correct port usage. If you configured SSH to run on a different port, specify it in the SSH command when connecting.
  • Firewall configuration. Make sure that firewall rules on the remote server allow connections on the SSH port.

How to Disable SSH on Ubuntu

To temporarily disable SSH on Ubuntu, run:

sudo service ssh stop

Start the SSH service with:

sudo service ssh start

To completely disable SSH after reboot:

sudo systemctl disable ssh

Enable SSH on Ubuntu after reboot with:

sudo systemctl enable ssh

Conclusion

This tutorial showed how to enable SSH on Ubuntu, configure and secure the server, and troubleshoot common SSH issues. Now, you can establish a reliable and secure protocol between you and a remote device.

Next, learn how to fix the "ssh_exchange_identification: read: Connection reset by peer" error.

Was this article helpful?
YesNo
Bosko Marijan
Having worked as an educator and content writer, combined with his lifelong passion for all things high-tech, Bosko strives to simplify intricate concepts and make them user-friendly. That has led him to technical writing at PhoenixNAP, where he continues his mission of spreading knowledge.
Next you should read
Security SysAdmin
How to Install / Enable OpenSSH on CentOS 7
August 28, 2019
This article provides all the information you need in order to set up SSH encryption on your remote device...
Read more
Security SysAdmin
How to Enable SSH on Debian 9 or 10
March 20, 2024
If you are using Debian 9 or Debian 10 to manage servers, you must ensure that the transfer of data is as...
Read more
Security SysAdmin
How to Generate SSH Keys on Ubuntu
March 7, 2024
Establishing a connection with a remote server without taking the proper security measures can lead to severe...
Read more
Bare Metal Servers Security Web Servers
How to Use SSH to Connect to a Remote Server in Linux or Windows
October 24, 2024
In this tutorial, Find out How To Use SSH to Connect to a Remote Server in Linux or Windows. Get started with...
Read more