Cloud servers from $4/mo - Grab the Deal! Let’s start ->
English
Community
Sign In
Sign In

Configuring SSH Keys in Ubuntu

Configuring SSH Keys in Ubuntu
Hostman Team
Technical writer
Ubuntu
24.11.2023
Reading time: 9 min
Share

By default, you use a password to connect to a server via Secure Shell (SSH). However, there are higher levels of security. We recommend configuring SSH keys to protect your system from unauthorized access.

In the article below, we'll look at SSH keys and how to connect to a remote server, for example, a Hostman one.

How Secure Shell works

Secure Shell provides a secure remote connection to the operating system. You can use it to access the shell and transfer data.

The basic configuration consists of a client and a server.

  • The client runs on the computer that establishes the connection. 

  • The server (or cloud server) runs on the system to which you need to connect. 

A significant advantage is cross-platform. For example, you can use a client running on Linux, Windows, or macOS to connect to a server running on Ubuntu. All communications between the client and server are encrypted to prevent unauthorized parties from intercepting data.

The weakness of the basic implementation is that it depends entirely on the strength of the passphrases assigned to accounts. If an attacker learns the password, the system becomes vulnerable. SSH key-based authentication helps to address this weakness.

Benefits of using SSH keys

SSH key-based authentication uses asymmetric encryption to add an extra layer of security to remote access to a system. The concept of public key encryption was developed in 1975 by Whitfield Diffie and Martin Hellman and is based on using a pair of keys: one private key and one public key.

The public part of this pair is used to encrypt data, and only the owner of the private part of the pair can decrypt it.

When setting up SSH key-based authentication, the private part is stored on the client machine, and the corresponding public key is on the system where the SSH server is running. Protecting the private key is crucial, as possessing it will allow anyone to log into the remote system. As an additional layer of protection, the private key can also be encrypted and protected by a password that you'll need to enter each time you connect to the server.

This approach can be compared to a jigsaw puzzle. Imagine you have a picture. When you tear it into two pieces, you generate a unique pair. If you print the same picture again and tear it again, you can't reproduce the same pair.

You give one part to the host and keep the other part with you. To connect to the host, you show your piece. If it matches the piece the host has, you shake hands and exchange data. If you give the host a different fragment, it won't open a connection.

-

Creating a key pair

For example, you have a server on Hostman and need to organize secure remote management using SSH. Let's say, you decide that password verification provides insufficient security (and you are too lazy to enter a long password every time). 

The logical solution is to set up SSH key authentication. To do this, you need to generate a key pair. Let's see how to do it in different operating systems.

Linux/macOS

The easiest way to create an authentication pair on Linux and macOS is to use the built-in ssh-keygen utility.

Start the terminal and run the command:

ssh-keygen

The wizard prompts you to choose where to store the authentication data files. Press Enter to keep the default directory and file name (.ssh/id_rsa). If you want to specify a specific storage location, enter the path to it and press Enter.

The wizard will then prompt you to add a passphrase for additional protection. If you don't want to add it, press Enter.

As a result, you will get two files: one with public and one with private keys. By default, the private part is stored in the id_rsa file and the public part in the id_rsa.pub file. But you can specify any file names you want, which can be useful if you connect from the same computer to different servers that use different authentication credentials.

Windows

On Windows, you can generate keys using the PowerShell command line. In recent versions, it supports the ssh-keygen utility. The procedure is the same as on Linux and macOS.

There is an alternative way: using the PuTTY application suite. It also includes the PuTTYgen generator.

  1. Start PuTTYgen and click the Generate button. 

  2. Move the mouse pointer to generate random data. 

  3. Enter an additional passphrase to secure the private key. 

When the process is complete, save the files in suitable locations using the Save public key and Save private key buttons.

Copying the public key to the server

You should store the private key on the computer from which you will connect to the server and transfer the public key to the host you want to connect to.

If the openssh-server is not installed and running on the host, install and enable it using the following commands.

apt install openssh-server
systemctl start sshd.service
systemctl enable sshd.service

There are several ways to transfer the public key.

Using ssh-copy-id

The built-in ssh-copy-id utility helps to transfer the value of the public key automatically. This method is available on Linux and macOS.

In the terminal, run the command:

ssh-copy-id username@server_address 

The first time you connect, you may get a message that the local computer did not recognize the remote host. To remember the server, type 'yes' and press Enter. After that, the utility will check the local computer and the public key and then prompt you to enter a password. After establishing the connection, the utility will copy the private key content to ~/.ssh/authorized_keys. All public keys data is stored there. In response, the terminal should display a message like this:

Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'username@remote-host'"
and check to make sure that only the key(s) you wanted were added.

Transfer via password access

If you don't have the ssh-copy-id utility, you can copy the key via Secure Shell using the password. To do this, run the command:

cat ~/.ssh/id_rsa.pub | ssh username@server_address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod go= ~/.ssh/authorized_keys"

It looks complicated, but it's actually a simple operation.

  1. First, you output the contents of the file: cat ~/.ssh/id_rsa.pub

  2. Next, you connect to the remote host: ssh username@server_address

  3. Then, you create a folder and file to store the public key.

This example uses the >> redirect symbol. It allows you to append the file's contents rather than overwriting it. It is useful if you are adding multiple keys.

Manual migration

If you don't have an ssh-copy-id (for example, you are using Windows), you can connect via Secure Shell by password, manually create the .ssh/authorized_keys file, and then add the public key.

Display the contents of the public key on the local machine with the command:

cat ~/.ssh/id_rsa.pub

Copy the displayed response. It should look like this:

ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDC4OSYUK5tAsjYMI4mLWDQleLz1d0IBz7G1cfsC9xnM
MNYfFUSVzjZzsPVnNKzNwcO6dFs8WiE37gUI8p/ekHghcxWzgEybtAY6LleLJh53LPB1D8YEh
92s21p7U0a8rQnGq1LCRQ0y8JFaf9PbmLWJM7llUKhc0YiOIJsQDZxX8g6KYSAaLH+z9Vj8Ag
5Hw4BHi0uWL03tX3jImC3DfU2JnzMAuA+EqGjO5eCkGvD5V2fVbpqscig2G2dmjg5E4I2Q7VD
lEkBMxG7PJSM3O/l8LnS4a2vICFj2am2Zk1jsGFi66/6yBDQZDsZ+SrCvkTRw0ZikxaRVwCmk
F6cgBJn rsa-key-20220602

Then connect to the server and create the ~/.ssh directory with the command:

mkdir -p ~/.ssh

Add the public key:

echo public_key_string >> ~/.ssh/authorized_keys

Instead of public_key_string, specify the content of id_rsa.pub, which you just copied. If the authorized_keys file doesn't exist, the system will create it automatically. If it does exist, you will insert a new string into it.

Finally, configure permissions for the ~/.ssh directory and the authorized_keys file. Remove all group and other permissions for the ~/.ssh/ directory:

chmod -R go= ~/.ssh

Set the directory owner to your user instead of root:

chown -R username:username ~/.ssh

If you plan to access the server from different clients, you can use ssh-copy-id or manually edit .ssh/authorized_keys to insert additional keys. Each line should store only one value.

Connecting with keys

Everything is ready to connect via SSH in Ubuntu. 

Start your terminal and run the command:

ssh username@server_address

The first time you connect, you may get a warning that the local computer doesn't recognize the remote host. To remember it, type yes and press Enter.

If you have set a password for the private key, you will be prompted to enter it. If there is no password, you will log in immediately.

Connecting with PuTTY

If you use Windows, you can also connect using PuTTY.

  1. Start PuTTY.

  2. On the Session tab, enter the hostname or IP.

  3. Leave the default port at 22.

  4. Select the connection type: SSH.

  5. Click the Connection -> SSH -> Auth tab.

  6. Click Browse and select the previously saved private key.

  7. Click Open to establish the connection.

If the connection is successful, PuTTY will launch its own terminal through which you can access the server.

Disabling the password

When using SSH keys in Ubuntu, you can disable password access. This will make the connection safer: if there's no password, no one can steal it and access your server.

Important: before you disable the password, make sure that the private key is securely stored and backed up. If you disable the password and then lose the private key, you will not be able to connect to the server remotely.

In Ubuntu, open the SSH key settings stored in sshd_config:

sudo nano /etc/ssh/sshd_config

Find the PasswordAuthentication line and change the value of yes to no

Restart the service to apply the configuration:

sudo service ssh restart

A strong move from a security perspective. Attackers can try to match the passphrase all they want. This authentication method no longer works. Only the user with the previously generated private key stored on his computer can connect.

Conclusion

By default, Secure Shell allows remote access using password-based authentication. This leaves the system vulnerable to anyone who can guess the password or get it by other means. 

We recommend SSH key-based authentication for maximum protection of access to the system. It is based on the concept of public and private key encryption. Users can only connect to the server from the client with a private key corresponding to the server's public key with a private key corresponding to the server's public key. As an additional layer of security, the private key can also be encrypted and password protected.

Ubuntu
24.11.2023
Reading time: 9 min
Share

Similar

Apache

How to Install Let’s Encrypt with Apache

In the current environment of the internet, the use of HTTPS to secure web traffic is a must. With a free and automated Certificate Authority (CA) service like Let’s Encrypt, adoption of SSL/TLS has changed dramatically because you can quickly obtain trusted certificates at no cost. This guide will walk you through installing a Let’s Encrypt certificate on an Apache web server running Ubuntu 22.04 (Jammy Jellyfish). You will configure Certbot (the official Let’s Encrypt client), set up renewal procedures, and establish good security practices. Prerequisites Before proceeding, ensure you have: An Ubuntu 22.04 system. Update it with: sudo apt updatesudo apt upgrade Apache Installed: Confirm with apache2 -v. If not present, install via: sudo apt updatesudo apt install apache2 A registered domain (e.g., example.com) pointing to your server’s public IP. Check with: ping example.com Firewall Configured: Allow HTTP/HTTPS traffic: sudo ufw allow 'Apache Full'sudo ufw enable   Sudo Privileges: Access to a user account with administrative rights. Step 1: Installing Certbot via Snap Let’s Encrypt recommends using Certbot through Snap for seamless updates. Ubuntu 22.04 includes Snap by default, but make sure it’s updated: sudo snap install coresudo snap refresh core Install Certbot: sudo snap install --classic certbot Create a symbolic link to the Certbot binary for easy access: sudo ln -s /snap/bin/certbot /usr/bin/certbot Step 2: Generating SSL Certificate with Certbot Certbot integrates with Apache to automate certificate issuance and configuration. Run: sudo certbot --apache Follow the interactive prompts: Email Address: Enter for urgent renewal notifications. Terms of Service: Accept by typing A. Domain Selection: Choose the domain(s) to secure (e.g., example.com, www.example.com). HTTP to HTTPS Redirect: Select 2 to enforce HTTPS universally. Certbot will: Generate certificates in /etc/letsencrypt/live/exple.com/. Modify virtual host files to activate SSL. Reload Apache to apply changes. Step 3: Verifying Apache Configuration Certbot updates automatically your configuration. Inspect the virtual host file for your domain: sudo nano /etc/apache2/sites-available/example.com-le-ssl.conf Look for directives like: SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pemSSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pemInclude /etc/letsencrypt/options-ssl-apache.conf Ensure the SSL module is enabled: sudo a2enmod sslsudo systemctl restart apache2 Step 4: Testing SSL/TLS Configuration Validate your setup: Visit https://example.com. Look for the padlock icon. Use curl to check headers: sudo apt install curlcurl -I https://example.com Confirm HTTP/2 200 or HTTP/1.1 200 OK. Run a free analysis at SSL Server Test to discover vulnerabilities. Step 5: Automating Renewal Let’s Encrypt certificates expire every 90 days. Certbot automates renewal via a systemd timer. Test renewal manually: sudo certbot renew --dry-run If successful, Certbot’s timer will handle future renewals. Verify the timer status: systemctl list-timers | grep certbot Troubleshooting Common Issues Port Blocking: Ensure ports 80 and 443 are open: sudo ufw status Incorrect Domain Resolution: Verify DNS records with: dig example.com Configuration Errors: Check logs via: sudo journalctl -u apache2 Certificate Renewal Failures: Inspect Certbot logs at /var/log/letsencrypt/. Advanced Configurations Enforcing HTTPS with HSTS Add the Strict-Transport-Security header to your SSL config: sudo a2enmod headerssudo systemctl restart apache2 Then in the Apache config (/etc/apache2/apache2.conf) configure: Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" Redirecting HTTP to HTTPS Certbot usually handles this, but manually update non-SSL virtual hosts: <VirtualHost *:80> # Define the primary domain name for this virtual host ServerName example.com # Redirect all HTTP traffic to HTTPS permanently (status code 301) # This ensures users always access the site securely Redirect permanent / https://example.com/ </VirtualHost> Optimizing Cipher Suites Edit /etc/letsencrypt/options-ssl-apache.conf to prioritize strong ciphers: SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDHSSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 To further enhance your Apache and Let’s Encrypt setup, consider implementing the following advanced optimizations. These steps will not only improve security but also ensure your server performs efficiently under high traffic and adheres to modern web standards. Implementing OCSP Stapling Online Certificate Status Protocol (OCSP) stapling improves SSL/TLS performance by allowing the server to provide proof of validity, reducing client-side verification delays. Enable OCSP stapling in your configuration (/etc/apache2/apache.conf): SSLUseStapling onSSLStaplingCache "shmcb:logs/stapling-cache(150000)" After making these changes, restart the web server: sudo systemctl restart apache2 Verify OCSP stapling is working: openssl s_client -connect example.com:443 -status -servername example.com Look for OCSP Response Status: successful in the output. Configuring HTTP/2 for Improved Performance HTTP/2 enhances web performance by enabling multiplexing, header compression, and server push. To enable HTTP/2 in Apache, first ensure the http2 module is enabled: sudo a2enmod http2 Then, add the following directive to your SSL virtual host: Protocols h2 http/1.1 Restart Apache to apply the changes: sudo systemctl restart apache2 Verify HTTP/2 is active by inspecting the response headers using browser developer tools or a tool like curl: curl -I -k --http2 https://example.com Setting Up Wildcard Certificates If you manage multiple subdomains, a wildcard certificate simplifies management. To obtain a wildcard certificate with Certbot, use the DNS challenge method. First, install the DNS plugin for your DNS provider (e.g., Cloudflare): sudo snap set certbot trust-plugin-with-root=ok sudo snap install certbot-dns-cloudflare Install pip and the cloudflare package: sudo apt updatesudo apt install python3-pipsudo pip install cloudflare Create a credentials file for your DNS provider: sudo nano /etc/letsencrypt/cloudflare.ini Add your API credentials: dns_cloudflare_api_token = your_api_key Secure the file: sudo chmod 600 /etc/letsencrypt/cloudflare.ini Request the wildcard certificate: sudo certbot certonly --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini -d example.com -d *.example.com Update your configuration to use the wildcard certificate. Monitoring and Logging SSL/TLS Usage Regularly monitoring SSL/TLS usage helps identify potential issues and enhance performance. Apache’s mod_ssl module provides detailed logs. Enable logging by integrating the following to your SSL virtual host configuration: LogLevel info ssl:warnCustomLog ${APACHE_LOG_DIR}/ssl_access.log combinedErrorLog ${APACHE_LOG_DIR}/ssl_error.log Analyze logs for errors or unusual activity: sudo tail -f /var/log/apache2/ssl_error.log For advanced monitoring, consider tools like GoAccess or ELK Stack to visualize traffic patterns and SSL/TLS performance. Enhancing Security with Security Headers Adding security headers to your configuration can protect your site from common vulnerabilities like cross-site scripting (XSS) and clickjacking. Include the following directives in your virtual host file: Header set X-Content-Type-Options "nosniff"Header set X-Frame-Options "DENY"Header set X-XSS-Protection "1; mode=block"Header set Content-Security-Policy "default-src 'self';" These headers make sure that browsers enforce strict security policies, minimizing the risk of attacks. Final Thoughts Securing your Apache as of Ubuntu 22.04 using Let's Encrypt is a must-do to create a trusted quality web presence. In this tutorial, we have learned how to fine-tune some of the advanced configuration options, such as OCSP stapling, HTTP/2, wildcard certificates, as well as monitoring and security headers. These configurations will help you protect your server while increasing its efficiency and scalability. Note that web security is an ongoing process! Stay informed about new and developing threats, updated SSL/TLS standards, and audit your setup and logs regularly to maintain your server security after securing it.
27 March 2025 · 7 min to read
Docker

How To Install and Use Docker Compose on Ubuntu

Docker Compose has fundamentally changed how developers approach containerized applications, particularly when coordinating services that depend on one another. This tool replaces manual container management with a structured YAML-driven workflow, enabling teams to define entire application architectures in a single configuration file.  For Ubuntu environments, this translates to reproducible deployments, simplified scaling, and reduced operational overhead. This guide provides a fresh perspective on Docker Compose installation and usage, offering deeper insights into its practical implementation. Prerequisites Before you begin this tutorial, you'll need a few things in place: Deploy an Ubuntu cloud server instance on Hostman. Ensure you have a user account with sudo privileges or root access. This allows you to install packages and manage Docker. Install Docker and have it running on your server, as Docker Compose works on top of Docker Engine. Why Docker Compose Matters Modern applications often involve interconnected components like APIs, databases, and caching layers. Managing these elements individually with Docker commands becomes cumbersome as complexity grows. Docker Compose addresses this by allowing developers to declare all services, networks, and storage requirements in a docker-compose.yml file. This approach ensures consistency across environments—whether you’re working on a local Ubuntu machine or a cloud server. For example, consider a web application comprising a Node.js backend, PostgreSQL database, and Redis cache. Without Docker Compose, each component requires separate docker run commands with precise networking flags. With Compose, these relationships are organized once, enabling one-command setups and teardowns. Docker Compose Installation Follow these steps to install Docker Compose on your Ubuntu machine: Step 1: Verify that the Docker Engine is Installed and Running Docker Compose functions as an extension of Docker, so verify its status with: sudo systemctl status docker Example output: ● docker.service - Docker Application Container Engine Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2025-02-20 08:55:04 GMT; 5min ago TriggeredBy: ● docker.socket Docs: https://docs.docker.com Main PID: 2246435 (dockerd) Tasks: 9 Memory: 53.7M CPU: 304ms CGroup: /system.slice/docker.service └─2246435 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock If inactive, start it using sudo systemctl start docker. Step 2: Update System Packages Refresh your package lists to ensure access to the latest software versions: sudo apt-get update You will see: Hit:1 https://download.docker.com/linux/ubuntu jammy InRelease Hit:2 http://archive.ubuntu.com/ubuntu jammy InRelease Hit:4 http://security.ubuntu.com/ubuntu jammy-security InRelease Hit:5 http://repo.hostman.com/ubuntu focal InRelease Hit:6 http://archive.ubuntu.com/ubuntu jammy-updates InRelease Hit:7 http://archive.ubuntu.com/ubuntu jammy-backports InRelease Hit:3 https://prod-cdn.packages.k8s.io/repositories/isv:/kubernetes:/core:/stable:/v1.31/deb InRelease Hit:8 https://packages.redis.io/deb jammy InRelease Reading package lists... Done Step 3: Install Foundational Utilities Secure communication with Docker’s repositories requires these packages: sudo apt-get install ca-certificates curl  Step 4: Configure Docker’s GPG Key Authenticate Docker packages by adding their cryptographic key: sudo install -m 0755 -d /etc/apt/keyringssudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.ascsudo chmod a+r /etc/apt/keyrings/docker.asc This step ensures packages haven’t been altered during transit. Step 5: Integrate Docker’s Repository Add the repository tailored to your Ubuntu version: echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null The command auto-detects your OS version using VERSION_CODENAME. Step 6: Install the Docker Compose Plugin Update repositories and install the Compose extension: sudo apt updatesudo apt-get install docker-compose-plugin Step 7: Validate the Installation Confirm successful setup with: docker compose version The output displays the Docker Compose version: Docker Compose version v2.33.0 Building a Practical Docker Compose Project Let’s deploy a web server using Nginx to demonstrate Docker Compose’s capabilities. Step 1. Initialize the Project Directory Create a dedicated workspace: mkdir ~/compose-demo && cd ~/compose-demo Step 2. Define Services in docker-compose.yml Create the configuration file: nano docker-compose.yml Insert the following content: services: web: image: nginx:alpine ports: - "8080:80" volumes: - ./app:/usr/share/nginx/html In the above YAML file: services: Root element declaring containers. web: Custom service name. image: Uses the Alpine-based Nginx image for reduced footprint. ports: Maps host port 8080 to container port 80. volumes: Syncs the local app directory with the container’s web root. Step 3. Create Web Content Build the HTML structure: mkdir app nano app/index.html Add this HTML snippet: <!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>Docker Compose Test</title> </head> <body> <h1>Hello from Docker Compose!</h1> </body> </html> Orchestrating Containers: From Launch to Shutdown Let’s explore how you can use Docker Compose for container orchestration: Start Services in Detached Mode Launch containers in the background: docker compose up -d Example output: [+] Running 2/2 ✔ Network compose-demo_default Created ✔ Container compose-demo-web-1 Started Docker Compose automatically pulls the Nginx image if missing and configures networking. Verify Container Status Check operational containers: docker compose ps -a Access the Web Application Visit http://localhost:8080 locally or http://<SERVER_IP>:8080 on remote servers. The test page should display your HTML content. Diagnose Issues via Logs If the page doesn’t load or if you encounter any issues, you can inspect container logs: docker compose logs web Example output: web-1 | /docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration web-1 | /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/ web-1 | /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh web-1 | 10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf web-1 | 10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf web-1 | /docker-entrypoint.sh: Sourcing /docker-entrypoint.d/15-local-resolvers.envsh … Graceful Shutdown and Cleanup Stop containers temporarily: docker compose stop Example output: [+] Stopping 1/1 ✔ Container compose-demo-web-1  Stopped Remove all project resources: docker compose down Example output: [+] Running 2/2 ✔ Container compose-demo-web-1  Removed ✔ Network compose-demo_default  Removed Command Reference: Beyond Basic Operations While the workflow above covers fundamentals, these commands enhance container management: docker compose up --build: Rebuild images before starting containers. docker compose pause: Freeze containers without terminating them. docker compose top: Display running processes in containers. docker compose config: Validate and view the compiled configuration. docker compose exec: Execute commands in running containers (e.g., docker compose exec web nginx -t tests Nginx’s configuration). Conclusion Docker Compose transforms multi-container orchestration from a manual chore into a streamlined, repeatable process. By adhering to the steps outlined—installing Docker Compose, defining services in YAML, and leveraging essential commands—you can manage complex applications with confidence.
26 February 2025 · 7 min to read
Ubuntu

How to Install Flatpak on Ubuntu 22.04

Flatpak is a modern solution for handling applications on Linux. Unlike standard software managers, it installs programs in a sandboxed environment, ensuring greater security and reliability. Each program operates independently, reducing the risk of system corruption and conflicts. This separation assures that issues in one program don't affect others. Additionally, it offers consistent environments across Linux distributions, allowing developers to distribute apps without system dependency worries. This compatibility provides a reliable experience, making it versatile for any user. Overview Flatpak revolutionizes Linux application management by providing a unified and secure method to install and run applications. It encapsulates apps in a sandbox, isolating them from the core system to prevent conflicts and ensure stability. It offers several benefits: Security: Sandboxing isolates applications, reducing the risk of security vulnerabilities. Compatibility: Works across various Linux distributions, providing a consistent environment. Independence: Applications operate independently, preventing system corruption. Developer-Friendly: Simplifies app distribution without worrying about system dependencies. Installation Guide for Ubuntu 22.04 This guide covers Flatpak framework installation on Ubuntu 22.04, preparing your distribution to manage apps easily. Follow these instructions to master installation and manage apps efficiently. Prerequisites Before starting, you must have: Ubuntu 22.04 Terminal access with sudo privileges. Method 1: Via apt Installing this framework via terminal and configuring its repository is straightforward and efficient. This method uses the apt package manager, common in Ubuntu and Debian. By following these instructions, the framework can be set up and ready to use in no time. Update the packages list with: sudo apt update && sudo apt upgrade -y Install Flatpak with this command: sudo apt install flatpak -y To unlock a wide selection of utilities, include the Flathub repo using: sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo Reboot your machine to apply changes: sudo reboot After rebooting, check the installed utility by applying: flatpak --version If installed, the release number will display. To install an app, employ the following command with the app name. For example, to get Wireshark, apply: sudo flatpak install flathub org.wireshark.Wireshark -y To launch the app, enter the command below with the app ID. For example, to launch Wireshark, enter: flatpak run org.wireshark.Wireshark Method 2: Via Team APT PPA This approach includes adding the Flatpak Team APT PPA repo for installation. Making use of a PPA (Personal Package Archive) allows access to the latest release provided by the developers. It's useful for up-to-date features or patches not available in the standard repository list. Here are the steps: First, include the Team PPA via: sudo add-apt-repository ppa:flatpak/stable Refresh your source list again to incorporate the new PPA repo: sudo apt update Perform the framework installation using: sudo apt install flatpak -y Post-installation, include the FlatHub repository via: sudo flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo Additional Configuration To enhance your experience, configure additional settings or install other useful applications. For that, follow the below instructions. Installing Plugins  Plugins improve the functionality and integration of Flatpak apps with your desktop. Install them with: sudo apt install gnome-software-plugin-flatpak -y NOTE: This allows you to browse and set up Flatpak utilities directly from the GNOME Software program. From Ubuntu versions 20.04 to 23.04, GNOME Software is included as a Snap package, which doesn't support Flatpak. In version 23.10, it changes to the App Center, which also doesn't support the framework. To fix this, you'll need to install a plugin that adds another version of GNOME Software. As a result, you'll have two "Software" apps in versions 20.04 to 23.04 and one "Software" app in version 23.10. To solve the issue of integrating framework with Ubuntu's desktop, while avoiding the confusion of multiple "Software" applications, here's what to do: Remove the Snap version of GNOME to avoid having two "Software" apps: sudo apt remove gnome-software -y Get the plugin along with the deb version of GNOME: sudo apt install gnome-software-plugin-flatpak -y Run the GNOME by applying: gnome-software Manage Permissions Flatpak apps run in a sandboxed environment with limited system access. These permissions are managed by utilizing Flatseal, which can be installed via: sudo flatpak install flathub com.github.tchx84.Flatseal Launch Flatseal from the applications menu to adjust permissions for Flatpak apps. Troubleshooting Common Errors In case of any error during the process, here are some common problems and their solutions. Issue 1: Command Not Found If you receive a 'command not found' error, verify the framework is correctly configured. Reinstall it if necessary. Issue 2: Repository Not Enabled Incase of failure, get an app from Flathub, verify the repository with: sudo flatpak remotes If FlatHub is not listed, add it through the repository enable command provided earlier. Issue 3: Application Fails to Launch If an app won't launch, try executing it from the terminal to check for error messages. Hit the aforementioned run command followed by the app ID. If the issue persists, employ this command to repair it: sudo flatpak repair Updating Flatpak  You must keep the app up-to-date to have the latest features and security updates. To update all Flatpak’s added utilities, utilize: sudo flatpak update Uninstalling Flatpak  To remove the framework from Ubuntu, do it via the following instructions. Before removing the main utility, uninstall any app by executing: sudo flatpak uninstall <application-id> -y Then remove the framework itself by applying: sudo apt remove flatpak -y Finally, remove the FlatHub repo via: sudo flatpak remote-delete flathub Integrating Flatpak with Desktop Integrating Flatpak apps with your desktop guarantees a smooth user experience. This section covers the integration process with your Ubuntu desktop. Make sure Flatpak utilities are integrated with your desktop by installing necessary plugins: sudo apt install gnome-software-plugin-flatpak Check if the apps appear in your application menu. If not, log out and back in to refresh the menu. Frequently Asked Questions (FAQ) 1. Can Flatpak be used alongside other package managers? Yes, it can be utilized alongside traditional package managers like apt, yum, or dnf. The utility operates independently, allowing you to manage programs without interfering with system tools. 2. How do I list all Flatpak installed Tools? To list all Flatpak’s installed tools, execute: flatpak list 3. What is the benefit of using Flatpak over traditional package managers? It provides a consistent workspace across different Linux distributions, ensuring programs work as intended regardless of the underlying system. It also enhances security by running programs in a sandboxed environment. Conclusion You've successfully set up Flatpak on your Ubuntu distribution through multiple methods. Whether you utilized the terminal or the graphical user interface, you now have a powerful utility for managing tools in a secure interface. By integrating the application with your desktop environment and keeping it updated, you can further enhance your user experience and ensure optimal performance. With access to a vast library of utilities on Flathub, you can easily find, install, and run your favorite apps with confidence. This flexibility not only enhances your productivity but also allows you to explore a wide range of software that suits your needs.
21 February 2025 · 7 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support