How to Install and Configure SSH Server on Ubuntu 24.04

SSH (Secure Socket Shell) server connects multiple machines within the network. Primarily, the SSH server is used to access the other machines’ terminals and perform operations remotely. However, its extended use also includes copying files/directories, i.e., scp. Moreover, SSH is configurable and you can customize its settings as per your requirements which makes it more secure than its default mode(s).

SSH Works on the client-server architecture, i.e., the client is the machine that is trying to access the other machine (server machine). Because of its remote feature with security, it is widely used in Ubuntu (and other Linux systems).

Recently, Ubuntu has released its LTS, i.e., Ubuntu 24.04. So, let’s learn how you can install and configure the SSH server on Ubuntu 24.04.


How to Install SSH Server on Ubuntu 24.04

SSH server is available on the default repositories of Ubuntu 24.04. In most Linux distributions, the OpenSSH server and OpenSSH client are used to communicate, i.e., known as the implementation of SSH client/server. Thus, you need to have the OpenSSH server for the implementation of the SSH server. Let’s see how you can install SSH Server on Ubuntu 24.04:

Step 1: Update the Core Libraries

Since SSH is available on the default repositories, first update the packages list of your system:

sudo apt update

Step 2: Install SSH Server

Install the SSH server and all its required components using the command:

sudo apt install ssh

As you can see, the “openssh-server” has also been installed.

Step 3: Start the SSH and Verify the Installation

Once the SSH server is installed, start its service (if not by default) and check the status of the SSH service:

sudo systemctl start ssh                        #Start the SSH
sudo systemctl status ssh                       #Status

SSH service is available as “ssh”:

That’s how simple the installation is. Let’s configure it now.

How to Configure SSH Server on Ubuntu 24.04

To start working with SSH, you have to check/manage the SSH service and allow the default port for a connection. This is the least requirement to get to an SSH connection. Let’s do this:

Enable and Manage the SSH Service

The “systemctl” utility manages the SSH service on Ubuntu 24.04. Here are the commands to enable and manage the SSH service on Ubuntu 24.04:

Enable the SSH Service

It is recommended to enable the SSH service to keep SSH functioning after every reboot. Use the enable option of the “systemctl” command, as follows:

sudo systemctl enable ssh

Restart the SSH Service

After each change in the SSH settings, you need to restart its service to apply those changes:

sudo systemctl restart ssh

Check the Status

Once the service is restarted, check the status of it to ensure it is running well or not:

sudo systemctl status ssh

Allow the SSH Default Port Through the Firewall

SSH by default listens to “Port 22” which is not allowed on the firewall. You need to configure your system firewall (on the server side), i.e., using the ufw. First, install ufw using the command:

sudo apt install ufw

Now, enable it:

sudo ufw enable

Check the status to confirm it is active:

sudo ufw status

Allow SSH Port Through Firewall

You can allow SSH connection through the firewall using the “ssh” keyword with the ufw command as:

sudo ufw allow ssh

Note: You can allow the SSH port using the port number as well:

sudo ufw allow 22

Reload the Firewall

After each change on the firewall, it is recommended to reload it:

sudo ufw reload

Check the Status

To confirm the changes, check the status using the ufw command:

sudo ufw status

Here you go, the default port of the SSH is now available for the connections.

Lastly, restart the server:

sudo systemctl restart ssh
  • Tip: Check the Port to Whom the SSH Server is Listening

You can specifically check the port on which SSH is listening by using the following command:

sudo ss -tulpn | grep 'ssh'

Establish an SSH Connection

Once you have configured the server side, you need to install the SSH-client (OpenSSH-client) on the client machine. Here are the commands to install the ssh client’s implementation:

sudo apt install openssh-client            #Debian/Ubuntu/etc
sudo dnf install openssh-clients           #Fedora/RedHat/etc
sudo zypper install openssh                #SUSE/OpenSUSE/etc
sudo pacman -S openssh                     #Arch/Manjaro/etc

Now, check the address of the server:

ip a

You need to check the IP address of the respective network interface that is active:

Here, in our case the network interface is “enp0s3” and its associated IP is marked in the output.

Now, use the “username” and the “IP-Address” of the server machine and run the following command from the client side:

ssh username@IP-Address


  • Type “Yes” to add the server to the list of known servers.
  • And then you need to enter the user password to whom you are connecting.

Upon successful authentication, the connection to the SSH server has been created. Now, you can perform command line operations on the connected server.

How to Secure the SSH Connection

Although, SSH is secure by default as it uses the user’s password to authenticate the connection. However, you can make it more secure by changing the default port, setting up the SSH Keys, or performing some advanced-level configurations. Let’s learn how to do it:

Change the Default Port

To change the default port, you have to dedicate it to SSH and allow it for SSH through the firewall. Here are the steps:

Step 1: Check the Availability of the Port

First, you need to check whether the port number (you selected) is available or not. Here is the command to do so:

sudo ss -tulpn | grep ':<Port-Number>'

If the port is occupied, it will show the service name to whom it is occupied.

Step 2: Change the Port in the Configuration File

Open the SSH’s configuration file (available at “/etc/ssh/sshd_config”)

Step 3: Allow the Port Through Firewall

Now, allow that same port through the firewall using the ufw command:

sudo ufw allow <port-number>/tcp

Reload the firewall and the SSH service too:

sudo ufw reload
sudo systemctl restart ssh

Note: If the port has not changed yet, reboot the system.

Once you are all set, check whether the port (you set) is listening to SSH or not:

sudo ss -tulpn | grep ':4040'

Establish the Connection

When trying to connect other than the default port, you need to use the “-p” option of the “ssh” command, as directed in the following syntax:

ssh -p <port-num> username@ip-address

Set-Up SSH Keys for SSH Logins

SSH keys enhance the authentication mechanism with an extra layer of key(s) matching. The key pair is generated on the client machine and the public key is then copied to the server. When a connection is attempted, the key match is performed to authenticate that connection.

Step 1: Generate SSH Keys (At Client End)

Here’s the command to generate the SSH key pairs:


It is recommended to enter the passphrase for the private key, i.e., this passphrase will be required when connecting to the server:

Step 2: Copy the Public Key (From Client to Server)

Check the username and the IP address of the server where the keys will be copied and use the ssh-copy-id command to copy the key:

ssh-copy-id usernam@ip-address

Step 3: Establish a Connection

Now, when you try to connect, the key pair matching is performed, if the match is successful, the connection will be established:

ssh username@ip-address

While attempting a connection, the passphrase is required to unlock the private key (at the client end) and match it with the public key (available at the server’s end):

Upon successful matching, the connection will be established.

Enable the Publickey Authentication

If you have set up the SSH keys, it is recommended to enable the Public Key Authentication in the SSH’s configuration file. Open the config file and recommend the PublickeyAuthentication line:

sudo nano /etc/ssh/sshd_config

Make sure its value is set to “yes”:

  • Tip: Disable the Password Authentication

When you have enabled PubkeyAuthentication, you can disable the password-based authentication to disallow any password-attempted logins, i.e., the default behavior of the SSH. For that, uncomment the line “PasswordAuthentication” and ensure to set its value to “no”:

Disable the Root Login

The root user has the most privileges among all the users. It is recommended to disable the root user login, i.e., you cannot connect/access this system with root privileges. Open the “/etc/ssh/sshd_config” file uncomment the “PermitRootLogin” and set its value to “no”:

Other Configurational Parameters

The SSH configuration file contains more configurable parameters that enhance the user experience with security. Here is the list of such parameters that you can configure as per your requirements:

MaxAuthTriesNumber of attempts allowed for authentication. The default value is 6, keep it at a lower number. The server counts the number of failed attempts and terminates the connection when this number exceeds.
MaxSessionsThe number of allowed sessions for this server on the network.
LoginGraceTimeOnce the connection is requested, the LoginGraceTime parameter allows you to authenticate the connection within that specific time, i.e., the default value is 60 sec.
StrictModesWhether SSH checks the file permissions and ownerships before connecting or not.
ClientAliveIntervalThe interval between each keepalive message (from server to client).
ClientAliveCountMaxThe maximum number of keepalive messages allowed without receiving a response.

That’s all from this brief guide on SSH.

Bottom Line

SSH allows you to connect to the machine remotely and do the command-line operations. SSH server’s implementation is not available by default on Ubuntu 24.04 but can be installed using “sudo apt install ssh”. The configuration of the SSH depends on what purpose are you configuring. Mostly, it is to make the connection more secure. Thus, you can follow the authentication-based configuration demonstrated here. Just, identify your need and apply that relevant configuration.

This post has demonstrated the installation and configuration of the SSH Server on Ubuntu 24.04.