Learning Center
Ubuntu

How to Install and Configure SSH on Ubuntu 22.04

19 Jan 2026
Hostman Team
Hostman Team

A secure connection between a client and a server is made possible via the SSH network protocol. Since all communications are encrypted, distant network attacks and data theft across the network are avoided.

Let’s say you have ordered a cloud server from Hostman. You will need SSH installed and configured to connect to and administer the server.

The guide below will describe how to install SSH on Ubuntu 22.04 and configure it.

SSH Key Generation on Ubuntu

SSH Key configuration is pretty simple on Ubuntu

Prerequisites
Copy link

Before proceeding with the installation and configuration of the Secure Shell service, ensure the following requirements are met:

  • Linux Command Line Skills for Configuration

Having a solid grasp of basic Linux commands like sudo, apt, nano, and systemctl is essential when setting up the service. These commands will be frequently used during the installation and configuration process. It's crucial to be comfortable working within the command line environment to manage the service effectively.

  • Root or Sudo Access for Setup

To install and configure the server, administrative (root) privileges are required. Users must either have sudo access or be logged in as root. Without these privileges, the setup process cannot proceed.

  • Internet Connection for Package Download

A stable internet connection is necessary to install the OpenSSH server and any additional related packages. Without a functional connection, the system cannot retrieve the required software components.

  • Configuring Firewall for Access

If a firewall, like ufw, is enabled on the system, it may block remote access by default. It is essential to configure your firewall to allow incoming connections. Use ufw or another firewall tool to ensure port 22 is open and accessible.

  • Access to the System (Local or Remote)

To configure the service locally, you must have physical access to your computer; otherwise, it must be remotely accessible through its IP address. To connect, make sure the system is correctly linked to the network.

Don't forget, that you can deploy your cloud server fast and cheap by choosing our VPS Server Hosting.

Step 1: Prepare Ubuntu
Copy link

The first thing you need to do before you start installing SSH on Ubuntu is to update all apt packages to the latest versions. To do this, use the following command:

sudo apt update && sudo apt upgrade

Step 2: Install SSH on Ubuntu
Copy link

OpenSSH is not pre-installed on the system, so let's install it manually. To do this, type in the terminal:

sudo apt install openssh-server

The installation of all the necessary components will begin. Answer "Yes" to all the system prompts. 

After the installation is complete, go to the next step to start the service.

Step 3: Start SSH
Copy link

Now you need to enable the service you just installed using the command below:

sudo systemctl enable --now ssh

On successful startup, you will see the following system message.

The --now key helps you launch the service and simultaneously set it to start when the system boots.

To verify that the service is enabled and running successfully, type:

sudo systemctl status ssh

The output should contain the Active: active (running) line, which indicates that the service is successfully running.

If you want to disable the service, execute: 

sudo systemctl disable ssh

It disables the service and prevents it from starting at boot.

Step 4: Configure the firewall
Copy link

Before connecting to the server via SSH, check the firewall to ensure it is configured correctly.

In our case, we have the UFW installed, so we will use the following command:

sudo ufw status

In the output, you should see that SSH traffic is allowed. If you don't have it listed, you need to allow incoming SSH connections. This command will help with this:

sudo ufw allow ssh

Step 5: Connect to the server
Copy link

Once you complete all the previous steps, you can log into the server using the SSH protocol.

You will need the IP address or domain name of the server as well as the name of a user that was created on the server in order to complete this step.

In the terminal line, enter the command:

ssh username@IP_address

Or: 

ssh username@domain

Step 6 (optional): Create Key Pair for Secure Authentication
Copy link

For enhanced security, consider configuring a key pair instead of relying on password authentication. To generate one, use the following command:

ssh-keygen

Step 7: Configure SSH
Copy link

Having completed the previous five steps, you can already connect to the server remotely. However, you can further increase the connection's security by changing the default connection port to another or changing the password authentication to key authentication. These and other changes require editing the SSH configuration file.

The main OpenSSH server settings are stored in the main configuration file sshd_config (location: /etc/ssh). Before you start editing, you should create a backup of this file: 

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.initial

If you get any errors after editing the configuration file, you can restore the original file without problems.

After creating the backup, you can proceed to edit the configuration file. To do this, open it using the nano editor:

sudo nano /etc/ssh/sshd_config

In the file, change the port to a more secure one. It is best to set values from the dynamic range of ports (49152 - 65535) and use different numbers for additional security. For example, let's change the port value to 49532. To do this, we uncomment the corresponding line in the file and change the port as shown in the screenshot below.

4fd580df 7710 49f3 Ba88 5f79663f289e

SSH Key Configuration Description in Linux Terminal

In addition to this setting, we recommend changing the password authentication mode to a more secure key authentication mode. To do this, uncomment the corresponding line and make sure the value is "Yes", as shown in the screenshot.

B78f6db1 010f 48a7 A5ff Ce4e6f665691

Authentication Key should be Enabled

Now, let's prohibit logging on to the server as a superuser by changing the corresponding line as shown in the picture below.

B06df4a0 5d22 4c7a Ba90 47fabd8d0bf5

Don't Forget to Close Access to Root Login

There are other settings you can configure to increase the server security: 

  • UseDNS checks if the hostname matches its IP address. The value "Yes" enables this parameter.

  • PermitEmptyPasswords prohibits using empty passwords for authentication if the value is "No."

  • MaxAuthTries limits the number of unsuccessful attempts to connect to the server within one communication session. 

  • AllowUsers and AllowGroups are responsible for the list of users and groups allowed to access the server:

# AllowUsers User1, User2, User3
# AllowGroups Group1, Group2, Group3
  • Login GraceTime sets the time provided for successful authorization. We recommend reducing the value of this parameter by four times.

  • ClientAliveInterval limits the time of user inactivity. After exceeding the specified limit, the user is disconnected.

After making all the changes in the main configuration file, save them and close the editor. 

Restart the service to make the changes take effect:

sudo systemctl restart ssh

If you have changed the port in the configuration file, you should connect using the new port: 

ssh -p port_number username@IP_address

Or:

ssh -p port_number_port_username@domain

Troubleshooting Connection Issues
Copy link

  • Ensure the service is running with:
sudo systemctl status ssh
  • Restart it if necessary:
sudo systemctl restart ssh
  • Check firewall settings to allow traffic on port 22:
sudo ufw allow 22
  • Confirm the system is reachable by running:
ping <server-ip-address>

Disabling the Service
Copy link

If you need to disable remote access for any reason, follow these steps:

  1. Stop the Service

To temporarily stop accepting connections:

sudo systemctl stop ssh
  1. Prevent Automatic Startup

To disable it from starting on reboot:

sudo systemctl disable ssh
  1. Confirm Inactive Status

Verify that the service is no longer running:

sudo systemctl status ssh
  1. Uninstall the Server

If the service is no longer needed, remove it and its associated configuration files:

sudo apt remove openssh-server

Conclusion
Copy link

This article presents a step-by-step guide on installing and configuring SSH in Ubuntu 22.04 and describes how to edit the main configuration file to improve security. We hope this guide helps you to set up a secure remote connection to your Ubuntu server.

And if you’re looking for a reliable, high-performance, and budget-friendly solution for your workflows, Hostman has you covered with Linux VPS Hosting options, including Debian VPS, Ubuntu VPS, and VPS CentOS.

To see more about SSH keys click here.

Frequently Asked Questions (FAQ)
Copy link

How to enable SSH on Ubuntu? 
Copy link

Run sudo apt install openssh-server to install the package. Once installed, enable and start the service immediately with sudo systemctl enable --now ssh, then allow the connection through the firewall using sudo ufw allow ssh.

How to check if ssh agent is running in Ubuntu? 
Copy link

Run sudo systemctl status ssh. If the service is active, you will see a green "active (running)" status in the output.

Is SSH installed on Ubuntu 22.04 by default? 
Copy link

No, the OpenSSH server is not installed by default on Ubuntu Desktop, though it is standard on Ubuntu Server.

How do I allow SSH through the firewall?
Copy link

To open the default port 22, run sudo ufw allow ssh. If using a custom port, use sudo ufw allow [port]/tcp.

How do I find my IP address for the connection? 
Copy link

Run the command ip a in your terminal and locate the inet address associated with your main network interface.

How do I change the default SSH port? 
Copy link

Edit the config file using sudo nano /etc/ssh/sshd_config, change Port 22to your desired number, and then restart the service with sudo systemctl restart ssh.

Why do I see a "Permission denied (publickey)" error? 
Copy link

This indicates that the server does not recognize your SSH key, or that password authentication has been disabled in the sshd_config file.