SSH (Secure Socket Shell) server connects multiple machines within the network. Primarily, the SSH server is used to access the other machines’ terminals and perform operations remotely. However, its extended use also includes copying files/directories, i.e., scp. Moreover, SSH is configurable and you can customize its settings as per your requirements which makes it more secure than its default mode(s).
SSH Works on the client-server architecture, i.e., the client is the machine that is trying to access the other machine (server machine). Because of its remote feature with security, it is widely used in Ubuntu (and other Linux systems).
Recently, Ubuntu has released its LTS, i.e., Ubuntu 24.04. So, let’s learn how you can install and configure the SSH server on Ubuntu 24.04.
Outline:
- How to Install SSH Server on Ubuntu 24.04
- How to Configure SSH Server on Ubuntu 24.04
- How to Secure the SSH Connection
- Other Configurational Parameters
How to Install SSH Server on Ubuntu 24.04
SSH server is available on the default repositories of Ubuntu 24.04. In most Linux distributions, the OpenSSH server and OpenSSH client are used to communicate, i.e., known as the implementation of SSH client/server. Thus, you need to have the OpenSSH server for the implementation of the SSH server. Let’s see how you can install SSH Server on Ubuntu 24.04:
Step 1: Update the Core Libraries
Since SSH is available on the default repositories, first update the packages list of your system:
sudo apt update
Step 2: Install SSH Server
Install the SSH server and all its required components using the command:
sudo apt install ssh
As you can see, the “openssh-server” has also been installed.
Step 3: Start the SSH and Verify the Installation
Once the SSH server is installed, start its service (if not by default) and check the status of the SSH service:
sudo systemctl start ssh #Start the SSH
sudo systemctl status ssh #Status
SSH service is available as “ssh”:
That’s how simple the installation is. Let’s configure it now.
How to Configure SSH Server on Ubuntu 24.04
To start working with SSH, you have to check/manage the SSH service and allow the default port for a connection. This is the least requirement to get to an SSH connection. Let’s do this:
Enable and Manage the SSH Service
The “systemctl” utility manages the SSH service on Ubuntu 24.04. Here are the commands to enable and manage the SSH service on Ubuntu 24.04:
Enable the SSH Service
It is recommended to enable the SSH service to keep SSH functioning after every reboot. Use the enable option of the “systemctl” command, as follows:
sudo systemctl enable ssh
Restart the SSH Service
After each change in the SSH settings, you need to restart its service to apply those changes:
sudo systemctl restart ssh
Check the Status
Once the service is restarted, check the status of it to ensure it is running well or not:
sudo systemctl status ssh
Allow the SSH Default Port Through the Firewall
SSH by default listens to “Port 22” which is not allowed on the firewall. You need to configure your system firewall (on the server side), i.e., using the ufw. First, install ufw using the command:
sudo apt install ufw
Now, enable it:
sudo ufw enable
Check the status to confirm it is active:
sudo ufw status
Allow SSH Port Through Firewall
You can allow SSH connection through the firewall using the “ssh” keyword with the ufw command as:
sudo ufw allow ssh
Note: You can allow the SSH port using the port number as well:
sudo ufw allow 22
Reload the Firewall
After each change on the firewall, it is recommended to reload it:
sudo ufw reload
Check the Status
To confirm the changes, check the status using the ufw command:
sudo ufw status
Here you go, the default port of the SSH is now available for the connections.
Lastly, restart the server:
sudo systemctl restart ssh
- Tip: Check the Port to Whom the SSH Server is Listening
You can specifically check the port on which SSH is listening by using the following command:
sudo ss -tulpn | grep 'ssh'
Establish an SSH Connection
Once you have configured the server side, you need to install the SSH-client (OpenSSH-client) on the client machine. Here are the commands to install the ssh client’s implementation:
sudo apt install openssh-client #Debian/Ubuntu/etc
sudo dnf install openssh-clients #Fedora/RedHat/etc
sudo zypper install openssh #SUSE/OpenSUSE/etc
sudo pacman -S openssh #Arch/Manjaro/etc
Now, check the address of the server:
ip a
You need to check the IP address of the respective network interface that is active:
Here, in our case the network interface is “enp0s3” and its associated IP is marked in the output.
Now, use the “username” and the “IP-Address” of the server machine and run the following command from the client side:
ssh username@IP-Address
Here:
- Type “Yes” to add the server to the list of known servers.
- And then you need to enter the user password to whom you are connecting.
Upon successful authentication, the connection to the SSH server has been created. Now, you can perform command line operations on the connected server.
How to Secure the SSH Connection
Although, SSH is secure by default as it uses the user’s password to authenticate the connection. However, you can make it more secure by changing the default port, setting up the SSH Keys, or performing some advanced-level configurations. Let’s learn how to do it:
Change the Default Port
To change the default port, you have to dedicate it to SSH and allow it for SSH through the firewall. Here are the steps:
Step 1: Check the Availability of the Port
First, you need to check whether the port number (you selected) is available or not. Here is the command to do so:
sudo ss -tulpn | grep ':<Port-Number>'
If the port is occupied, it will show the service name to whom it is occupied.
Step 2: Change the Port in the Configuration File
Open the SSH’s configuration file (available at “/etc/ssh/sshd_config”)
Step 3: Allow the Port Through Firewall
Now, allow that same port through the firewall using the ufw command:
sudo ufw allow <port-number>/tcp
Reload the firewall and the SSH service too:
sudo ufw reload
sudo systemctl restart ssh
Note: If the port has not changed yet, reboot the system.
Once you are all set, check whether the port (you set) is listening to SSH or not:
sudo ss -tulpn | grep ':4040'
Establish the Connection
When trying to connect other than the default port, you need to use the “-p” option of the “ssh” command, as directed in the following syntax:
ssh -p <port-num> username@ip-address
Set-Up SSH Keys for SSH Logins
SSH keys enhance the authentication mechanism with an extra layer of key(s) matching. The key pair is generated on the client machine and the public key is then copied to the server. When a connection is attempted, the key match is performed to authenticate that connection.
Step 1: Generate SSH Keys (At Client End)
Here’s the command to generate the SSH key pairs:
ssh-keygen
It is recommended to enter the passphrase for the private key, i.e., this passphrase will be required when connecting to the server:
Step 2: Copy the Public Key (From Client to Server)
Check the username and the IP address of the server where the keys will be copied and use the ssh-copy-id command to copy the key:
ssh-copy-id usernam@ip-address
Step 3: Establish a Connection
Now, when you try to connect, the key pair matching is performed, if the match is successful, the connection will be established:
ssh username@ip-address
While attempting a connection, the passphrase is required to unlock the private key (at the client end) and match it with the public key (available at the server’s end):
Upon successful matching, the connection will be established.
Enable the Publickey Authentication
If you have set up the SSH keys, it is recommended to enable the Public Key Authentication in the SSH’s configuration file. Open the config file and recommend the PublickeyAuthentication line:
sudo nano /etc/ssh/sshd_config
Make sure its value is set to “yes”:
- Tip: Disable the Password Authentication
When you have enabled PubkeyAuthentication, you can disable the password-based authentication to disallow any password-attempted logins, i.e., the default behavior of the SSH. For that, uncomment the line “PasswordAuthentication” and ensure to set its value to “no”:
Disable the Root Login
The root user has the most privileges among all the users. It is recommended to disable the root user login, i.e., you cannot connect/access this system with root privileges. Open the “/etc/ssh/sshd_config” file uncomment the “PermitRootLogin” and set its value to “no”:
Other Configurational Parameters
The SSH configuration file contains more configurable parameters that enhance the user experience with security. Here is the list of such parameters that you can configure as per your requirements:
Parameter | Purpose/Description |
---|---|
MaxAuthTries | Number of attempts allowed for authentication. The default value is 6, keep it at a lower number. The server counts the number of failed attempts and terminates the connection when this number exceeds. |
MaxSessions | The number of allowed sessions for this server on the network. |
LoginGraceTime | Once the connection is requested, the LoginGraceTime parameter allows you to authenticate the connection within that specific time, i.e., the default value is 60 sec. |
StrictModes | Whether SSH checks the file permissions and ownerships before connecting or not. |
ClientAliveInterval | The interval between each keepalive message (from server to client). |
ClientAliveCountMax | The maximum number of keepalive messages allowed without receiving a response. |
That’s all from this brief guide on SSH.
Bottom Line
SSH allows you to connect to the machine remotely and do the command-line operations. SSH server’s implementation is not available by default on Ubuntu 24.04 but can be installed using “sudo apt install ssh”. The configuration of the SSH depends on what purpose are you configuring. Mostly, it is to make the connection more secure. Thus, you can follow the authentication-based configuration demonstrated here. Just, identify your need and apply that relevant configuration.
This post has demonstrated the installation and configuration of the SSH Server on Ubuntu 24.04.
Check our LinkedIn company page