Introduction

When establishing a remote connection between a client and a server, a primary concern is ensuring it is secure. For Linux users, the best practice of accessing and managing your server remotely is through the cryptographic protocol known as Secure Shell (SSH).

SSH encrypts all data transferred from one machine to another, making sure that no sensitive information is compromised during the process. As a desktop client, you can safely run a command line, transfer files, secure network services, and much more.

By following the steps below, you will learn how to install and setup SSH on Ubuntu 18.04.

tutorial header on installing and enabling ssh on ubuntu 18.04

Prerequisites

  • Ubuntu 18.04 Bionic Beaver (or any other Debian-based Linux, including Ubuntu 17.04, 16.10, 16.04, etc.)
  • A user with sudo privileges.
  • The IP address and permissions to access the remote computer.
  • Access to a terminal/command line.
  • The apt-get tool, pre-loaded in Ubuntu and other Debian-based distros
  • OpenSSH 7.5 or higher

Enable SSH on Ubuntu

The SSH server is not installed by default on Ubuntu systems. To install and enable SSH on Ubuntu follow the steps found below:

1. Open the terminal either by using the CTRL+ALT+T keyboard shortcut or by running a search in Ubuntu Dash and selecting the Terminal Icon.

2. Before starting the installation process, check if an SSH server has already been installed on your computer. Use the following command:

ssh localhost

If you see the following message, you will have to go through the SSH installation process.

ssh: connect to host localhost port 22: Connection refused

connection refused on local host port 22

3. To install SSH, first update the package repository cache with:

sudo apt-get update

4. Now Install the OpenSSH software package by entering:

sudo apt-get install openssh-server

installation of the openssh software package in the terminal

If prompted, type in your password and press y (yes) to permit the installation.

5. To verify the installation was successful and SSH  is running use the command:

sudo service ssh status

The confirmation message that you are looking for is: Active: active (running)

This means you have installed and enabled SSH on your remote machine which can now accept commands from your SSH client.

verification that SSH is enabled on Ubuntu

6. To return to the command line prompt enter q.

Log Into Remote Server With SSH

Once you have gone through the process of enabling SSH on Ubuntu 18.04, you are ready to log into your remote machine.

1. Open the terminal (CTRL+ALT+T) and type the following command:

ssh username@public_IP – p222

Change the username and IP address to the username and IP address of the Ubuntu computer on which you have installed SSH.

2. If you do not know the IP address, you can quickly identify it through the terminal by typing the command:

ip a

This should display the public IP address of the machine where SSH was installed.

Once you have identified and typed in all the information, you have officially logged into your server. You are free to manage it from the comfort of your workstation safely.

SSH Configuration Options

Edit Configuration File

After successfully installing OpenSSH, you can edit its configuration file.

You can change the default port (generally a good idea, as a precautionary security measure), disable the “root ” user or make other configuration adjustments.

1. Open your SSH configuration file with the command:

sudo gedit /etc/ssh/sshd_config

opening the SSH config file

Gedit is a text editor which comes by default in Ubuntu, but you can also use other text editors such as nano. If you prefer using nano, you can easily install it by running the following command:

sudo apt-get install nano

2. When prompted, type in your password and press y (yes) to permit the installation.)

3. Then replace “gedit ” with “nano” type in the command:

sudo nano /etc/ssh/sshd_config

4. Now that you have opened the file (using any of the text editors recommended above) find and make any necessary changes.

For example, if you wish to change the port number to listen on TCP port 2222 instead of the default TCP port 22, find the line in which Port 22 is specified by default, and change it to Port 2222.

change the ssh port number ubuntu


Note: Changing the default port number is the best practice. Everyone is aware of the default port number so changing it is a recommended security precaution.


Disable Root

Another critical security precaution is to make sure that the root is disabled. That way, the root user cannot be invoked remotely, and security will be significantly improved.

1. In the configuration file, find the line that reads PermitRootLogin and select no.

2. After you have made the desired changes, save and close the file by using the CTRL+W keyboard shortcut (or the commands to save and close in your editor of choice). Press y and hit Enter.

3. For the changes to take into effect, restart SSH with the following command:

sudo systemctl restart sshd.service

Configure Firewall

If you have decided to change the default port number, you must configure your firewall to allow traffic via the specified port.

Let’s use the example of Port 2222.

The default firewall configurations tool in Ubuntu is UFW, configure it with the command:

sudo ufw allow from any to any port 2222 proto tcp

Some firewalls may require allowing traffic to the public IP address of the machine running SSH.


Note: The "p2222” is the port number we have defined in the Configure SSH section. If you used the default port 22, then it is not necessary to put the port number.


How to Disable SSH on Ubuntu

To temporarily disable SSH:

sudo service ssh stop

To start SSH again:

sudo service ssh start

To completely disable SSH after reboot:

sudo systemctl disable ssh

To enable SSH on Ubuntu host again:

sudo systemctl enable ssh

Conclusion

By following the simple steps above, you now know how to install and enable SSH on Ubuntu 18.04. Now you can establish a reliable and secure protocol between you and a remote device.

Get started by logging to your machine to perform sysadmin tasks with the command prompt.