How to Install and Configure SSH on Ubuntu 22.04

SSH is a network protocol that provides a secure connection between a client and a server. All communication is encrypted, preventing theft of data transmitted over the network and other remote network attacks.

Let’s say you have ordered a cloud server from Hostman. You will need SSH installed and configured to connect to and administer the server.

The guide below will describe how to install SSH on Ubuntu 22.04 and configure it.

Step 1: Prepare Ubuntu

The first thing you need to do before you start installing SSH on Ubuntu is to update all apt packages to the latest versions. To do this, use the following command:

sudo apt update && sudo apt upgrade

Step 2: Install SSH on Ubuntu

OpenSSH is not pre-installed on the system, so let's install it manually. To do this, type in the terminal:

sudo apt install openssh-server

The installation of all the necessary components will begin. Answer "Yes" to all the system prompts. 

After the installation is complete, go to the next step to start the service.

Step 3: Start SSH

Now you need to enable the service you just installed using the command below:

sudo systemctl enable --now ssh

On successful startup, you will see the following system message.

The --now key helps you launch the service and simultaneously set it to start when the system boots.

To verify that the service is enabled and running successfully, type:

sudo systemctl status ssh

The output should contain the Active: active (running) line, which indicates that the service is successfully running.

If you want to disable the service, execute: 

sudo systemctl disable ssh

It disables the service and prevents it from starting at boot.

Step 4: Configure the firewall

Before connecting to the server via SSH, check the firewall to ensure it is configured correctly.

In our case, we have the UFW installed, so we will use the following command:

sudo ufw status

In the output, you should see that SSH traffic is allowed. If you don't have it listed, you need to allow incoming SSH connections. This command will help with this:

sudo ufw allow ssh

Step 5: Connect to the server

Once you complete all the previous steps, you can log into the server using the SSH protocol.

To do this, you will need the server's IP address or domain name and the name of a user created on the server.

In the terminal line, enter the command:

ssh username@IP_address

Or: 

ssh username@domain

Important: To successfully connect to a remote server, SSH must be installed and configured on the remote server and the user's computer from which you make the connection. 

-

Step 6: Configure SSH

Having completed the previous five steps, you can already connect to the server remotely. However, you can further increase the connection's security by changing the default connection port to another or changing the password authentication to key authentication. These and other changes require editing the SSH configuration file.

The main OpenSSH server settings are stored in the main configuration file sshd_config (location: /etc/ssh). Before you start editing, you should create a backup of this file: 

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.initial

If you get any errors after editing the configuration file, you can restore the original file without problems.

After creating the backup, you can proceed to edit the configuration file. To do this, open it using the nano editor:

sudo nano /etc/ssh/sshd_config

In the file, change the port to a more secure one. It is best to set values from the dynamic range of ports (49152 - 65535) and use different numbers for additional security. For example, let's change the port value to 49532. To do this, we uncomment the corresponding line in the file and change the port as shown in the screenshot below.

In addition to this setting, we recommend changing the password authentication mode to a more secure key authentication mode. To do this, uncomment the corresponding line and make sure the value is "Yes", as shown in the screenshot.

Now, let's prohibit logging on to the server as a superuser by changing the corresponding line as shown in the picture below.

There are other settings you can configure to increase the server security: 

• UseDNS checks if the hostname matches its IP address. The value "Yes" enables this parameter.

• PermitEmptyPasswords prohibits using empty passwords for authentication if the value is "No."

• MaxAuthTries limits the number of unsuccessful attempts to connect to the server within one communication session. 

• AllowUsers and AllowGroups are responsible for the list of users and groups allowed to access the server:

# AllowUsers User1, User2, User3
# AllowGroups Group1, Group2, Group3

• Login GraceTime sets the time provided for successful authorization. We recommend reducing the value of this parameter by four times.

• ClientAliveInterval limits the time of user inactivity. After exceeding the specified limit, the user is disconnected.

After making all the changes in the main configuration file, save them and close the editor. 

Restart the service to make the changes take effect:

sudo systemctl restart ssh

If you have changed the port in the configuration file, you should connect using the new port: 

ssh -p port_number username@IP_address

Or:

ssh -p port_number_port_username@domain

Cloud servers for your needs from $4/mo

Conclusion

This article presents a step-by-step guide on installing and configuring SSH in Ubuntu 22.04 and describes how to edit the main configuration file to improve security. We hope this guide helps you to set up a secure remote connection to your Ubuntu server.