SSH Configuration

Introduction

SSH (Secure Shell) is an essential protocol used to securely access network services over an unsecured network.

This tutorial will walk you through the process of installing and configuring SSH on Ubuntu 22.04 to ensure a secure connection.

Step 1: Prepare Ubuntu

Before installing SSH, it's important to update your system to ensure all packages are up to date. This can prevent conflicts and ensure security patches are applied.

sudo apt update && sudo apt upgrade

Step 2: Install SSH on Ubuntu

Ubuntu 22.04 does not come with SSH installed by default. You will need to install the OpenSSH server package manually.

sudo apt install openssh-server

Confirm any prompts with "Yes" to proceed with the installation.

Step 3: Start and Enable SSH

Once installed, start the SSH service and enable it to launch at boot using the following command:

sudo systemctl enable --now ssh

To check the service status to confirm it's active and running:

sudo systemctl status ssh

To disable SSH (if ever needed):

Step 4: Configure the Firewall

Ensuring the firewall allows SSH connections is critical. Check the current firewall settings with:

If SSH is not listed, enable it by allowing SSH traffic:

Step 5: Connect to the Server

Finding the Server's IP Address or Domain Name

This will list all the networking details, including the server's IP address.

Look for entries under "inet" which will show IPv4 addresses.

This command is the simplest way to find out what username you're currently using in your session. It displays the username of the current user when you execute it.

With your username and IP address in hand, you can connect to your server using:

Replace username, IP_address, or domain with the actual user account and IP/domain of your server.

Step 6: Configure SSH for Increased Security

Further enhance your server's security by modifying the SSH configuration:

Back Up the Configuration

Before making any changes, back up your current SSH configuration:

Editing the Configuration

Open the configuration file with a text editor like nano:

Change the Default Port

Changing the default SSH port can help deter standard automated attacks:

1. Find the line #Port 22.

2. Uncomment it by removing the #.

3. Change 22 to a high number (49152 - 65535) like 49532.

Enable Key-Based Authentication

This is more secure than password authentication:

1. Find the line #PasswordAuthentication yes.

2. Change it to PasswordAuthentication no.

Disable Root Login

Prevent the root user from logging in via SSH for added security:

1. Find #PermitRootLogin yes.

2. Change it to PermitRootLogin no.

Apply Other Security Measures

• UseDNS to check hostname matches IP.

• PermitEmptyPasswords should be no.

• MaxAuthTries to limit failed login attempts.

• AllowUsers/AllowGroups to specify who can log in.

• LoginGraceTime and ClientAliveInterval to manage session and connection times.

After making all changes, save and exit the editor (Ctrl+X, then Y and Enter).

Restart SSH

Apply the changes by restarting the SSH service:

If you've changed the SSH port, remember to specify it when connecting:

Conclusion

This tutorial provided a detailed step-by-step guide to install and securely configure SSH on Ubuntu 22.04. By following these steps, you can ensure a secure and efficient remote management of your servers.