How to Install and Configure SSH on Ubuntu 22.04
A secure connection between a client and a server is made possible via the SSH network protocol. Since all communications are encrypted, distant network attacks and data theft across the network are avoided.
Let’s say you have ordered a cloud server from Hostman. You will need SSH installed and configured to connect to and administer the server.
The guide below will describe how to install SSH on Ubuntu 22.04 and configure it.

SSH Key configuration is pretty simple on Ubuntu
Prerequisites Copy link
Before proceeding with the installation and configuration of the Secure Shell service, ensure the following requirements are met:
-
Linux Command Line Skills for Configuration
Having a solid grasp of basic Linux commands like sudo, apt, nano, and systemctl is essential when setting up the service. These commands will be frequently used during the installation and configuration process. It's crucial to be comfortable working within the command line environment to manage the service effectively.
-
Root or Sudo Access for Setup
To install and configure the server, administrative (root) privileges are required. Users must either have sudo access or be logged in as root. Without these privileges, the setup process cannot proceed.
-
Internet Connection for Package Download
A stable internet connection is necessary to install the OpenSSH server and any additional related packages. Without a functional connection, the system cannot retrieve the required software components.
- Configuring Firewall for Access
If a firewall, like ufw, is enabled on the system, it may block remote access by default. It is essential to configure your firewall to allow incoming connections. Use ufw or another firewall tool to ensure port 22 is open and accessible.
- Access to the System (Local or Remote)
To configure the service locally, you must have physical access to your computer; otherwise, it must be remotely accessible through its IP address. To connect, make sure the system is correctly linked to the network.
Don't forget, that you can deploy your cloud server fast and cheap by choosing our VPS Server Hosting.
Step 1: Prepare Ubuntu Copy link
The first thing you need to do before you start installing SSH on Ubuntu is to update all apt packages to the latest versions. To do this, use the following command:
sudo apt update && sudo apt upgradeStep 2: Install SSH on Ubuntu Copy link
OpenSSH is not pre-installed on the system, so let's install it manually. To do this, type in the terminal:
sudo apt install openssh-serverThe installation of all the necessary components will begin. Answer "Yes" to all the system prompts.
After the installation is complete, go to the next step to start the service.
Step 3: Start SSH Copy link
Now you need to enable the service you just installed using the command below:
sudo systemctl enable --now sshOn successful startup, you will see the following system message.
The --now key helps you launch the service and simultaneously set it to start when the system boots.
To verify that the service is enabled and running successfully, type:
sudo systemctl status sshThe output should contain the Active: active (running) line, which indicates that the service is successfully running.
If you want to disable the service, execute:
sudo systemctl disable sshIt disables the service and prevents it from starting at boot.
Step 4: Configure the firewall Copy link
Before connecting to the server via SSH, check the firewall to ensure it is configured correctly.
In our case, we have the UFW installed, so we will use the following command:
sudo ufw statusIn the output, you should see that SSH traffic is allowed. If you don't have it listed, you need to allow incoming SSH connections. This command will help with this:
sudo ufw allow sshStep 5: Connect to the server Copy link
Once you complete all the previous steps, you can log into the server using the SSH protocol.
You will need the IP address or domain name of the server as well as the name of a user that was created on the server in order to complete this step.
In the terminal line, enter the command:
ssh username@IP_addressOr:
ssh username@domainStep 6 (optional): Create Key Pair for Secure Authentication Copy link
For enhanced security, consider configuring a key pair instead of relying on password authentication. To generate one, use the following command:
ssh-keygenStep 7: Configure SSH Copy link
Having completed the previous five steps, you can already connect to the server remotely. However, you can further increase the connection's security by changing the default connection port to another or changing the password authentication to key authentication. These and other changes require editing the SSH configuration file.
The main OpenSSH server settings are stored in the main configuration file sshd_config (location: /etc/ssh). Before you start editing, you should create a backup of this file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.initialIf you get any errors after editing the configuration file, you can restore the original file without problems.
After creating the backup, you can proceed to edit the configuration file. To do this, open it using the nano editor:
sudo nano /etc/ssh/sshd_configIn the file, change the port to a more secure one. It is best to set values from the dynamic range of ports (49152 - 65535) and use different numbers for additional security. For example, let's change the port value to 49532. To do this, we uncomment the corresponding line in the file and change the port as shown in the screenshot below.
SSH Key Configuration Description in Linux Terminal
In addition to this setting, we recommend changing the password authentication mode to a more secure key authentication mode. To do this, uncomment the corresponding line and make sure the value is "Yes", as shown in the screenshot.
Authentication Key should be Enabled
Now, let's prohibit logging on to the server as a superuser by changing the corresponding line as shown in the picture below.
Don't Forget to Close Access to Root Login
There are other settings you can configure to increase the server security:
-
UseDNSchecks if the hostname matches its IP address. The value "Yes" enables this parameter. -
PermitEmptyPasswordsprohibits using empty passwords for authentication if the value is "No." -
MaxAuthTrieslimits the number of unsuccessful attempts to connect to the server within one communication session. -
AllowUsersandAllowGroupsare responsible for the list of users and groups allowed to access the server:
# AllowUsers User1, User2, User3
# AllowGroups Group1, Group2, Group3-
Login GraceTimesets the time provided for successful authorization. We recommend reducing the value of this parameter by four times. -
ClientAliveIntervallimits the time of user inactivity. After exceeding the specified limit, the user is disconnected.
After making all the changes in the main configuration file, save them and close the editor.
Restart the service to make the changes take effect:
sudo systemctl restart sshIf you have changed the port in the configuration file, you should connect using the new port:
ssh -p port_number username@IP_addressOr:
ssh -p port_number_port_username@domainTroubleshooting Connection Issues Copy link
- Ensure the service is running with:
sudo systemctl status ssh- Restart it if necessary:
sudo systemctl restart ssh- Check firewall settings to allow traffic on port 22:
sudo ufw allow 22- Confirm the system is reachable by running:
ping <server-ip-address>Disabling the Service Copy link
If you need to disable remote access for any reason, follow these steps:
-
Stop the Service
To temporarily stop accepting connections:
sudo systemctl stop ssh-
Prevent Automatic Startup
To disable it from starting on reboot:
sudo systemctl disable ssh-
Confirm Inactive Status
Verify that the service is no longer running:
sudo systemctl status ssh-
Uninstall the Server
If the service is no longer needed, remove it and its associated configuration files:
sudo apt remove openssh-serverConclusion Copy link
This article presents a step-by-step guide on installing and configuring SSH in Ubuntu 22.04 and describes how to edit the main configuration file to improve security. We hope this guide helps you to set up a secure remote connection to your Ubuntu server.
And if you’re looking for a reliable, high-performance, and budget-friendly solution for your workflows, Hostman has you covered with Linux VPS Hosting options, including Debian VPS, Ubuntu VPS, and VPS CentOS.
To see more about SSH keys click here.
Frequently Asked Questions (FAQ) Copy link
How to enable SSH on Ubuntu? Copy link
Run sudo apt install openssh-server to install the package. Once installed, enable and start the service immediately with sudo systemctl enable --now ssh, then allow the connection through the firewall using sudo ufw allow ssh.
How to check if ssh agent is running in Ubuntu? Copy link
Run sudo systemctl status ssh. If the service is active, you will see a green "active (running)" status in the output.
Is SSH installed on Ubuntu 22.04 by default? Copy link
No, the OpenSSH server is not installed by default on Ubuntu Desktop, though it is standard on Ubuntu Server.
How do I allow SSH through the firewall? Copy link
To open the default port 22, run sudo ufw allow ssh. If using a custom port, use sudo ufw allow [port]/tcp.
How do I find my IP address for the connection? Copy link
Run the command ip a in your terminal and locate the inet address associated with your main network interface.
How do I change the default SSH port? Copy link
Edit the config file using sudo nano /etc/ssh/sshd_config, change Port 22to your desired number, and then restart the service with sudo systemctl restart ssh.
Why do I see a "Permission denied (publickey)" error? Copy link
This indicates that the server does not recognize your SSH key, or that password authentication has been disabled in the sshd_config file.