Cloud servers from $4/mo - Grab the Deal! Let’s start ->
English
Community

Configuring SSH Keys in Ubuntu

Configuring SSH Keys in Ubuntu
Hostman Team
Technical writer
Ubuntu
24.11.2023
Reading time: 9 min
Share

By default, you use a password to connect to a server via Secure Shell (SSH). However, there are higher levels of security. We recommend configuring SSH keys to protect your system from unauthorized access.

In the article below, we'll look at SSH keys and how to connect to a remote server, for example, a Hostman one.

How Secure Shell works

Secure Shell provides a secure remote connection to the operating system. You can use it to access the shell and transfer data.

The basic configuration consists of a client and a server.

  • The client runs on the computer that establishes the connection. 

  • The server (or cloud server) runs on the system to which you need to connect. 

A significant advantage is cross-platform. For example, you can use a client running on Linux, Windows, or macOS to connect to a server running on Ubuntu. All communications between the client and server are encrypted to prevent unauthorized parties from intercepting data.

The weakness of the basic implementation is that it depends entirely on the strength of the passphrases assigned to accounts. If an attacker learns the password, the system becomes vulnerable. SSH key-based authentication helps to address this weakness.

Benefits of using SSH keys

SSH key-based authentication uses asymmetric encryption to add an extra layer of security to remote access to a system. The concept of public key encryption was developed in 1975 by Whitfield Diffie and Martin Hellman and is based on using a pair of keys: one private key and one public key.

The public part of this pair is used to encrypt data, and only the owner of the private part of the pair can decrypt it.

When setting up SSH key-based authentication, the private part is stored on the client machine, and the corresponding public key is on the system where the SSH server is running. Protecting the private key is crucial, as possessing it will allow anyone to log into the remote system. As an additional layer of protection, the private key can also be encrypted and protected by a password that you'll need to enter each time you connect to the server.

This approach can be compared to a jigsaw puzzle. Imagine you have a picture. When you tear it into two pieces, you generate a unique pair. If you print the same picture again and tear it again, you can't reproduce the same pair.

You give one part to the host and keep the other part with you. To connect to the host, you show your piece. If it matches the piece the host has, you shake hands and exchange data. If you give the host a different fragment, it won't open a connection.

-

Creating a key pair

For example, you have a server on Hostman and need to organize secure remote management using SSH. Let's say, you decide that password verification provides insufficient security (and you are too lazy to enter a long password every time). 

The logical solution is to set up SSH key authentication. To do this, you need to generate a key pair. Let's see how to do it in different operating systems.

Linux/macOS

The easiest way to create an authentication pair on Linux and macOS is to use the built-in ssh-keygen utility.

Start the terminal and run the command:

ssh-keygen

The wizard prompts you to choose where to store the authentication data files. Press Enter to keep the default directory and file name (.ssh/id_rsa). If you want to specify a specific storage location, enter the path to it and press Enter.

The wizard will then prompt you to add a passphrase for additional protection. If you don't want to add it, press Enter.

As a result, you will get two files: one with public and one with private keys. By default, the private part is stored in the id_rsa file and the public part in the id_rsa.pub file. But you can specify any file names you want, which can be useful if you connect from the same computer to different servers that use different authentication credentials.

Windows

On Windows, you can generate keys using the PowerShell command line. In recent versions, it supports the ssh-keygen utility. The procedure is the same as on Linux and macOS.

There is an alternative way: using the PuTTY application suite. It also includes the PuTTYgen generator.

  1. Start PuTTYgen and click the Generate button. 

  2. Move the mouse pointer to generate random data. 

  3. Enter an additional passphrase to secure the private key. 

When the process is complete, save the files in suitable locations using the Save public key and Save private key buttons.

Copying the public key to the server

You should store the private key on the computer from which you will connect to the server and transfer the public key to the host you want to connect to.

If the openssh-server is not installed and running on the host, install and enable it using the following commands.

apt install openssh-server
systemctl start sshd.service
systemctl enable sshd.service

There are several ways to transfer the public key.

Using ssh-copy-id

The built-in ssh-copy-id utility helps to transfer the value of the public key automatically. This method is available on Linux and macOS.

In the terminal, run the command:

ssh-copy-id username@server_address 

The first time you connect, you may get a message that the local computer did not recognize the remote host. To remember the server, type 'yes' and press Enter. After that, the utility will check the local computer and the public key and then prompt you to enter a password. After establishing the connection, the utility will copy the private key content to ~/.ssh/authorized_keys. All public keys data is stored there. In response, the terminal should display a message like this:

Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'username@remote-host'"
and check to make sure that only the key(s) you wanted were added.

Transfer via password access

If you don't have the ssh-copy-id utility, you can copy the key via Secure Shell using the password. To do this, run the command:

cat ~/.ssh/id_rsa.pub | ssh username@server_address "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod go= ~/.ssh/authorized_keys"

It looks complicated, but it's actually a simple operation.

  1. First, you output the contents of the file: cat ~/.ssh/id_rsa.pub

  2. Next, you connect to the remote host: ssh username@server_address

  3. Then, you create a folder and file to store the public key.

This example uses the >> redirect symbol. It allows you to append the file's contents rather than overwriting it. It is useful if you are adding multiple keys.

Manual migration

If you don't have an ssh-copy-id (for example, you are using Windows), you can connect via Secure Shell by password, manually create the .ssh/authorized_keys file, and then add the public key.

Display the contents of the public key on the local machine with the command:

cat ~/.ssh/id_rsa.pub

Copy the displayed response. It should look like this:

ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDC4OSYUK5tAsjYMI4mLWDQleLz1d0IBz7G1cfsC9xnM
MNYfFUSVzjZzsPVnNKzNwcO6dFs8WiE37gUI8p/ekHghcxWzgEybtAY6LleLJh53LPB1D8YEh
92s21p7U0a8rQnGq1LCRQ0y8JFaf9PbmLWJM7llUKhc0YiOIJsQDZxX8g6KYSAaLH+z9Vj8Ag
5Hw4BHi0uWL03tX3jImC3DfU2JnzMAuA+EqGjO5eCkGvD5V2fVbpqscig2G2dmjg5E4I2Q7VD
lEkBMxG7PJSM3O/l8LnS4a2vICFj2am2Zk1jsGFi66/6yBDQZDsZ+SrCvkTRw0ZikxaRVwCmk
F6cgBJn rsa-key-20220602

Then connect to the server and create the ~/.ssh directory with the command:

mkdir -p ~/.ssh

Add the public key:

echo public_key_string >> ~/.ssh/authorized_keys

Instead of public_key_string, specify the content of id_rsa.pub, which you just copied. If the authorized_keys file doesn't exist, the system will create it automatically. If it does exist, you will insert a new string into it.

Finally, configure permissions for the ~/.ssh directory and the authorized_keys file. Remove all group and other permissions for the ~/.ssh/ directory:

chmod -R go= ~/.ssh

Set the directory owner to your user instead of root:

chown -R username:username ~/.ssh

If you plan to access the server from different clients, you can use ssh-copy-id or manually edit .ssh/authorized_keys to insert additional keys. Each line should store only one value.

Safe and scalable Virtual Servers and VPC

Connecting with keys

Everything is ready to connect via SSH in Ubuntu. 

Start your terminal and run the command:

ssh username@server_address

The first time you connect, you may get a warning that the local computer doesn't recognize the remote host. To remember it, type yes and press Enter.

If you have set a password for the private key, you will be prompted to enter it. If there is no password, you will log in immediately.

Connecting with PuTTY

If you use Windows, you can also connect using PuTTY.

  1. Start PuTTY.

  2. On the Session tab, enter the hostname or IP.

  3. Leave the default port at 22.

  4. Select the connection type: SSH.

  5. Click the Connection -> SSH -> Auth tab.

  6. Click Browse and select the previously saved private key.

  7. Click Open to establish the connection.

If the connection is successful, PuTTY will launch its own terminal through which you can access the server.

Disabling the password

When using SSH keys in Ubuntu, you can disable password access. This will make the connection safer: if there's no password, no one can steal it and access your server.

Important: before you disable the password, make sure that the private key is securely stored and backed up. If you disable the password and then lose the private key, you will not be able to connect to the server remotely.

In Ubuntu, open the SSH key settings stored in sshd_config:

sudo nano /etc/ssh/sshd_config

Find the PasswordAuthentication line and change the value of yes to no

Restart the service to apply the configuration:

sudo service ssh restart

A strong move from a security perspective. Attackers can try to match the passphrase all they want. This authentication method no longer works. Only the user with the previously generated private key stored on his computer can connect.

Conclusion

By default, Secure Shell allows remote access using password-based authentication. This leaves the system vulnerable to anyone who can guess the password or get it by other means. 

We recommend SSH key-based authentication for maximum protection of access to the system. It is based on the concept of public and private key encryption. Users can only connect to the server from the client with a private key corresponding to the server's public key with a private key corresponding to the server's public key. As an additional layer of security, the private key can also be encrypted and password protected.

Ubuntu
24.11.2023
Reading time: 9 min
Share

Similar

Ubuntu

How To Add Swap Space on Ubuntu 22.04

Managing resources efficiently is vital for maintaining the performance and stability of the OS. In this article, the methods of adding swap space to Ubuntu 22.04 is outlined to help users boost their platform's capacity to carry on memory-intensive activities. Swap space acts as a virtual extension of physical memory (RAM), allowing the system to offload inactive processes when it is fully utilised. While Ubuntu 22.04 is highly efficient in memory management, adding or increasing paging area can be a practical solution for environments with small data storage unit or when running resource-heavy applications. This article provides a step-by step approach in creation, configuration, and optimisation of swap space, ensuring a smooth and efficient setup tailored to everyone's needs. Prerequisites Before adding swap space on Ubuntu 22.04, make sure the following prerequisites are satisfied to avoid potential issues: Administrative Privileges: User must have root or sudo access to the platform to execute commands for creating and configuring swap space. Existing Disk Volume: Confirm that the instance has sufficient free disk storage to allocate for the desired swap size. Deploy the following instruction to check disk space: df -h Current Status: Determine whether a swap space already exists and come up with the decision to expand it. Utilise the instruction below to verify: sudo swapon --show Suitable Performance Needs Assessment: Determine the required capacity of the swap space according to the current storage resource and workload. A common rule is to have at least same amount as the RAM size, but this may vary depending on your use case. What is Swap A crucial part of Linux memory management, swap space is intended to improve system performance and stability by increasing the system's accessible capacity beyond the physical random-access memory (RAM). The OS frees up memory for running processes by offloading idle or seldom used data to the paging space area when the RAM is completely utilised. This procedure enables the system to manage resource-intensive tasks more effectively and keeps apps from crashing because of memory shortages. Depending on the demands of the user, swap can be implemented in Ubuntu as a file or as a separate disc. This can be useful, but it cannot take the place of enough RAM. Because disc storage has slower read and write rates than physical memory, an over-reliance on this might result in performance loss. Optimising system performance requires an understanding of swap's operation and proper configuration, especially for tasks like managing apps on platforms with limited RAM, operating virtual machines, or compiling huge codebases. Swap Advantages Swap space is an important part of Linux environment memory management because it provides a number of benefits. The following advantages are offered by swap: Prevents System Crashes Supports Memory-Intensive Applications Enhances Multitasking Smoother multitasking without sacrificing speed for platforms managing numerous processes at once by balancing memory use by offloading less important operations. Provides Flexibility Swap space allows for the dynamic addition or resizing of paging space, which facilitates system requirements adaptation without requiring disc repartitioning. Extends Uptime Period It is a short-term fix to increase stability and prolong its uptime under high loads in situations where replacing physical memory is not immediately practical. Facilitates Hibernation Swap is crucial for systems set up to utilise the hibernate feature since it keeps the contents of the RAM in place when the system is turned off, enabling a smooth restart. Supports Low-Memory Systems For lightweight systems, this is beneficial because it guarantees that critical operations continue to run even when memory is limited on devices with little physical memory. Swap is essential for increasing overall system resilience and flexibility, especially in resource-constrained contexts, even while it cannot replace physical RAM and shouldn't be over-relied upon. Swap Disadvantages Although swap space has several benefits for memory management, there are a few significant drawbacks that should be taken into account when setting it up. Slower Performance Compared to RAM Increased Disk Wear Latency in Resource-Intensive Tasks When the system relies heavily on swap, tasks that require high memory bandwidth, such as video editing or large-scale data analysis, may experience significant delays due to slower data transfer rates. Limited Effectiveness in Low-RAM Scenarios While swap can extend memory, it is not a substitute for adequate RAM. On systems with extremely low physical memory, relying on swap may not be enough to handle modern applications efficiently. Hibernation Dependency If the swap space is insufficient, hibernation may fail as it requires swap to store the contents of the RAM. Misconfigured swap sizes can lead to system errors during hibernation attempts. Additional Storage Allocation Allocating swap space reduces the available storage for other purposes. For systems with limited disk capacity, dedicating a portion to swap may not be feasible. Complexity in Configuration Optimising swappiness and settings require careful planning and monitoring. Poor configuration may lead to either underutilisation or excessive reliance, both of which impact system performance. How to Add Swap Space by Creating a Swap File Making a swap file in Ubuntu 22.04 to increase swap space is a simple procedure that can assist boost system performance, particularly on systems with low RAM. Here is a thorough, step-by-step guide to assist you with the process: Make sure swap space is enabled before making a new file. Run the instruction below. sudo swapon --show Based on the RAM capacity and usage needs, choose the swap file's size. A typical rule of thumb is: For systems with less than 2 GB of RAM, swap size is equal to RAM size × 2. For systems with more than 2 GB of RAM, swap size equals RAM size. Choose the location of the file, which is often the root directory. Adjust to the user's preferred swap size. To do it, use the fallocate command. sudo fallocate -l 4G /swapfile If fallocate is unavailable or gives an error, employ the dd command. sudo dd if=/dev/zero of=/swapfile bs=1M count=4096 bs=1M: Sets the block size to 1 Megabyte. count=4096: Creates a 4GB file (4096 × 1MB). Verify that the permissions are configured appropriately to prevent unauthorised access. Execute the following command. sudo chmod 600 /swapfile It is necessary to format the file as swap space. After that, swap can be activated. Execute the command listed below.       sudo mkswap /swapfile sudo swapon /swapfile To verify if it has been added, use the instructions listed below, appropriately. sudo swapon --show free -h Add the swap file to the /etc/fstab file to guarantee it stays active following a reboot. Perform the following steps. Backup the fstab file before editing. sudo cp /etc/fstab /etc/fstab.bak Add the swap record in fstab. echo '/swapfile none swap sw 0 0' | sudo tee -a /etc/fstab Validate using command below. cat /etc/fstab Configuring Swappiness (Optional) Swappiness controls the kernel's use of swap space. 60 is the default value. Usage rises with higher values and falls with lower values. Verify current swappiness value by running command below. cat /proc/sys/vm/swappiness Use the sysctl utility to temporarily modify the swappiness. The value is lowered to 40 from 60 by the subsequent command. sudo sysctl vm.swappiness=40 To make the changes permanent, run these commands respectively. echo 'vm.swappiness=40' | sudo tee -a /etc/sysctl.conf sudo sysctl -p Modify Cache Pressure (Optional) Cache pressure regulates the kernel's propensity to recover caching memory, which can be lessened with lower values. If for example, a user wants to set VFS Cache Pressure to 40, this can be set using the commands below respectively. echo 'vm.vfs_cache_pressure=40' | sudo tee -a /etc/sysctl.conf sudo sysctl -p Verify that the swap file is operational and set up properly. Use the commands below to check it. sudo swapon --show free -h Increasing Swap Space with Swap File To resize the system's swap file, use the following actions. Temporarily disable the swap file. sudo swapoff /swapfile Change the size of the swap file to the preferred size. Replace 8G with your desired new size. Using the fallocate command sudo fallocate -l 8G /swapfile Using the dd command sudo dd if=/dev/zero of=/swapfile bs=1M count=8192 To adjust for the new size, reinitialise the swap file. sudo mkswap /swapfile Activate the swap file that has been resized. sudo swapon /swapfile Validate that the swap space has been updated from 4GB to 8GB. sudo swapon --show free -h Conclusion To sum up, creating a swap file in Ubuntu is a simple procedure that can greatly improve system speed, especially when working with memory-demanding apps or when physical RAM is at limited availability. Without the need for intricate partitioning, users can rapidly increase the virtual memory of their system by following the instructions to create, format, and activate a swap file. The swap space will also be active across reboots if the swap file is made permanent via the /etc/fstab file. The memory management can be further optimised by modifying variables like swappiness. All things considered, making a swap file is a practical and adaptable way to enhance Ubuntu system efficiency and stability. You can install Ubuntu on a VPS on Hostman.
23 December 2024 · 8 min to read
PHP

How to Install PHP and PHP-FPM on Ubuntu 24.04

In this guide, we will describe installing PHP and PHP-FPM on Ubuntu 24.04. PHP, which stands for Hypertext Preprocessor, is a language that is widely used and open-sourced, mainly for web development. PHP is the only PHP FastCGI implementation, that is extremely useful for high-traffic websites. At the end of this guide, you should be ready to go with PHP running on your server. Prerequisites Before we start, please confirm you have the following: Ubuntu 24.04 LTS installed on the server A user account with the sudo access An essential command-line operation understanding A reliable internet connection for downloading software packages To ensure that your system is up to date, run the following commands: sudo apt updatesudo apt upgrade Install Apache Launch the Apache web server using the following command: sudo apt install apache2 Install PHP Let's begin with installing the PHP package in Ubuntu 24.04 server. First, open a terminal on your Ubuntu system. PHP and common modules are included in the installation action: sudo apt install php That command installs the core PHP package, the command-line interface, and common libraries. Make sure the installation works: php -v Install PHP Extensions PHP extensions are the way to go to extending PHP installation with certain functions. Start by installing extensions: sudo apt install php-curl php-mbstring php-xml Short description: php-mysql: Allows MySQL database connection php-gd: Adds ability to manipulate images php-curl: Makes possible to communicate with servers php-mbstring: Provides multibyte string support php-xml: Enables XML support php-zip: Enables ZIP support Additional extensions can be installed as you see fit for your projects. You can search them using: apt-cache search php- Install and Configure PHP-FPM PHP-FPM is essential when dealing with high-traffic websites. To install and configure it: Install the package: sudo apt install php-fpm Launch PHP-FPM service. Depending on the installation, version number may differ. sudo systemctl start php8.3-fpm Tell PHP-FPM to go on boot: sudo systemctl enable php8.3-fpm Verfy PHP-FPM is working: systemctl status php8.3-fpm This will output a response that says "Active (Running)" if everything is working as expected. Test PHP and PHP-FPM To ensure that PHP and PHP-FPM are both running with no problems, create a test file then serve it via the website's server. Let's say it uses Apache in this example: Generate PHP Info File. To show PHP settings using the phpinfo() function, do the following: mkdir -p /var/www/htmlecho "<?php phpinfo(); ?>" | sudo tee /var/www/html/info.php Set Up Apache for PHP-FPM. Ensure Apache is made compatible for PHP-FPM, by first finding Apache configuration file (usually /etc/apache2/sites-available/000-default.conf) then inserting: <FilesMatch \.php$>   SetHandler "proxy:unix:/var/run/php/php8.3-fpm.sock|fcgi://localhost/"</FilesMatch> Remember we must alter specific PHP version and socket path to suit individual settings of the server. Activate PHP and PHP-FPM. Enable PHP and PHP-FPM following these instructions: sudo apt install libapache2-mod-phpsudo a2enmod proxy_fcgi setenvif Reboot Apache. Apply changes by restarting Apache server: sudo systemctl restart apache2 Access PHP Info Page. First open your web browser and go to: http://your_server_ip/info.php Replace [server_ip] with the server IP address or domain. You can see details of your PHP installation. Install Multiple PHP Versions For particular projects you might need to run different applications, each one may require different functionalities. This is the way to manage and manipulate multiple PHP versions on Ubuntu 24.04. First, add PHP repository: sudo apt install software-properties-commonsudo add-apt-repository ppa:ondrej/php && sudo apt update Install PHP versions you need: sudo apt install php8.1 php8.1-fpm Deselect one PHP version and elect the other: sudo update-alternatives --set php /usr/bin/php8.1 If you are using multiple PHP versions, ensure that your web server is pointing to the appropriate PHP-FPM socket. Securing PHP and PHP-FPM: Best Practices As a web developer, you know the importance of incorporating both PHP and PHP-FPM into web applications that are safe and robust. In this section, we will introduce a number of security steps that you should adapt using PHP and PHP-FPM. 1. Keep PHP and PHP-FPM Updated PHP and PHP-FPM should be up to date. Doing regular updates will eliminate known security breaches and provide overall security improvements. You need to check for updates as often as possible then update the system as soon as the updates are available. 2. Configure PHP Securely To configure PHP securely, start by disabling unnecessary and potentially dangerous functions, such as exec, shell_exec, and eval, in the PHP configuration file (php.ini). Use open_basedir directive to restrict PHP’s access to specific directories, preventing unauthorized access to sensitive files. Set display_errors to Off in production to avoid exposing error messages that could provide insights to attackers. Limit file upload sizes and execution times to reduce the risk of resource exhaustion attacks. Besides, ensure that PHP runs under a dedicated, restricted user account with minimal permissions to prevent privilege escalation. Regularly update PHP to the latest stable version to patch vulnerabilities and improve security. 3. Use Safe Error Reporting To ensure an error-free application, it is quite handy locating and correcting code bugs in a development environment. In production environment, you have the possibility to hide the PHP errors by setting the display_error directive to be off, and you should also set the log_errors directive to be On, thus this will help you prevent PHP from showing errors to the users whereas your server will log it in a safe location without problems to users. 4. Implement Input Validation Being aware of the input validations is quite crucial during the programming of your software. Make sure that all deficiencies are tested and only SQL statements containing their SQL equivalent that can produce outwardly neutral queries via prepared statements is considered safe. 5. Secure PHP-FPM Configuration PHP-FPM is required to run using a non-usual user account with minium rights. Furthermore, access to the PHP-FPM socket or port should be very limited to the web application. 6. Enable Open_basedir You need to bind open_basedir directive in order to restrict access files within the given directory. In this case, if you attempt to visit a forbidden directory and the request is accidentally transmitted to the server, PHP will prevent you from doing so. 7. Use HTTPS We need to secure web calls by making apps HTTPS-only, which is the only prominent way to block all the known hacking tricks. Conclusion With this guide, you've successfully set up PHP and PHP-FPM on Ubuntu 24.04. Your server is now configured for dynamic web applications. To maintain security and performance, remember to keep the system and packages regularly updated.
09 December 2024 · 6 min to read
Ubuntu

How to Configure an Additional IP as an Alias in Ubuntu

In the network administration world, the task of setting up additional IP addresses on a single network interface is commonly performed. The technique of IP aliasing, which is a system for a device to reply to several IP addresses on one network interface, penetrates this model. All Ubuntu users should be familiar with modifying and applying these settings to ensure robust networking administration. This guide will detail the methods of creating an extra IP address in Ubuntu as an alias for both the versions of Ubuntu 24.04 and 22.04. Prerequisites Obviously, one first needs to set up the system in a way that would allow for the manipulation of all IP addresses over the same network, using Ubuntu. Here is the list: A system running either Ubuntu 24.04 or Ubuntu 22.04 Admin access to the system (sudo privileges) Basic knowledge of command-line interface operations An additional IP address assigned by a network administrator or ISP Network interface name information (e.g., eth0, ens3) When troubleshooting problems, we are in danger of causing even more difficulty, as network interfaces provided by networks are not reliable. With this in mind, it would be wise to keep a backup of the configuration files before proceeding with the changes. Configuring an Additional IP Address within Ubuntu 24.04 Ubuntu 24.04, the latest long-term support release, uses Netplan for network configuration. This configuration is also applicable for Ubuntu 22.04 and beyond. Netplan is a utility for configuring networking on Linux systems. Here's how to create an additional IP address: Check the Network Interface Primarily, it is necessary to define the network interface that will carry the new address. You can achieve this by running the following command: ip addr show The output of this command will display all the interfaces. Find the name of the interface (e.g. ens3, eth0) currently in use. Edit the Netplan Configuration File Normally Netplan configuration files are found in the /etc/netplan/ directory. The file name may be different but most of them end with a .yaml extension. To change the file, use a text editor with root privileges: sudo nano /etc/netplan/50-cloud-init.yaml Insert the New IP Address In the YAML file, add the new IP address under the addresses section of the appropriate network interface. The configuration may appear like this: network: version: 2 renderer: networkd ethernets: eth0: addresses: - "195.133.93.70/24" - "166.1.227.189/24" #New IP address - "192.168.1.2/24" #Private IP address nameservers: addresses: - "1.1.1.1" - "1.0.0.1" dhcp4: false dhcp6: false routes: - to: "0.0.0.0/0" via: "195.133.93.1" Apply the Changes Upon saving your edits, you need to apply the new version of the configuration by running this command: sudo netplan apply Validate the Configuration After completing the steps above, you will need to repeat the ip addr show command to confirm that the new IP address is in place. Now the output of this command should also include the new IP address. Additional Considerations Persistent Configuration The choices made by Netplan are stable and will last through the restart of the device. But, it's a good idea to verify the configuration with a system reboot to make sure everything goes well after the restart. Firewall Configuration When adding a new IP address, you may need to update the firewall rules. Ubuntu traditionally uses UFW (Uncomplicated Firewall). To avoid blocking the new IP, you will have to create new rules to UFW. Network Services If the system has some services running which are linked to specific IP addresses, then you must update their configurations to recognize and utilize the new IP address as well. IPv6 Considerations The above examples talk about IPv4. If you have to use IPv6 addresses, then the procedure is relatively the same; you will have to use a different style of address though. Netplan supports both IPv4 and IPv6 configurations. Troubleshooting In case of issues emerging during the configuration stage, try: Check for syntax errors in the YAML file with the command: sudo netplan --debug generate. Ensure that there are no conflicts with other devices using the same IP address on the network. Verify correct setting of the subnet mask and the gateway. Check the system logfile for error messages: journalctl -xe. Advanced IP Aliasing Techniques Network administrators can see how advanced IP aliasing plays a key role in improving network management: virtual interfaces make it possible to have several logical interfaces on a physical network interface, wherein all have their IP and network settings. Dynamic IP Aliasing There are cases where network administrators would have to implement dynamic IP aliasing. With the help of scripts, it is possible to add or remove IP aliases according to certain conditions or occurrences. For example, a script can be made to insert an IP alias whenever a particular service starts and remove it every time the service stops. IP Aliasing in Containerized Environments The popularity of containerization in the present age necessitates having IP aliasing in order to control network configuration of Docker containers and any other containerized applications. In such cases, IP aliases are quite often employed to expose multiple services on a container at different IP addresses or assist containers to communicate with one another. Docker Network Aliases In Docker, network aliases can be used to allow multiple containers to respond to the same DNS name on a custom network. Among other things, this is indispensable in microservices architectures where service discovery is a very important issue. Security Implications of IP Aliasing Though IP aliasing has a multitude of advantages, the issue of security deserves also to be looked into. Among other things, the more IP addresses you put, the larger the possible security breach of a system. The network administrators must guarantee the applications are protected with: Configurations of a firewall that will secure all the IP aliases Intrusion Detection Systems (IDS) to record the traffic of all IP addresses Periodically checking the use and need of each IP alias Enabling of appropriate security tools for those services bound to specific IP aliases Conclusion Putting a new IP address as an alias into Ubuntu is a highly efficient process as their utility of Netplan helps greatly. Whether you are using Ubuntu 24.04 or 22.04, the steps remain the same including editing the Netplan configuration file, adding the new IP address, and applying the changes. A system with multiple IP addresses on a single network interface of a single computer can be used to do different tasks on such a network. The ability to respond to several IP addresses on one network interface becomes very useful in several networking situations. Through these steps, you can increase the Ubuntu computer networking capabilities quickly and effectively. The sequence is always to first back up existing configurations then to make changes followed by in-depth test post-installation. With these skills, a network infrastructure manager or an IT technician can effectively manage and optimize his Ubuntu-powered network infrastructure to cater to diverse networking requirements.
29 November 2024 · 6 min to read

Do you have questions,
comments, or concerns?

Our professionals are available to assist you at any moment,
whether you need help or are just unsure of where to start.
Email us
Hostman's Support