How to Install and Configure SSH on Ubuntu 22.04
SSH is a network protocol that provides a secure connection between a client and a server. All communication is encrypted, preventing theft of data transmitted over the network and other remote network attacks.
Let’s say you have ordered a cloud server from Hostman. You will need SSH installed and configured to connect to and administer the server.
The guide below will describe how to install SSH on Ubuntu 22.04 and configure it.
Step 1: Prepare Ubuntu
The first thing you need to do before you start installing SSH on Ubuntu is to update all
apt packages to the latest versions. To do this, use the following command:
sudo apt update && sudo apt upgrade
Step 2: Install SSH on Ubuntu
OpenSSH is not pre-installed on the system, so let's install it manually. To do this, type in the terminal:
sudo apt install openssh-server
The installation of all the necessary components will begin. Answer "Yes" to all the system prompts.
After the installation is complete, go to the next step to start the service.
Step 3: Start SSH
Now you need to enable the service you just installed using the command below:
sudo systemctl enable --now ssh
On successful startup, you will see the following system message.
--now key helps you launch the service and simultaneously set it to start when the system boots.
To verify that the service is enabled and running successfully, type:
sudo systemctl status ssh
The output should contain the
Active: active (running) line, which indicates that the service is successfully running.
If you want to disable the service, execute:
sudo systemctl disable ssh
It disables the service and prevents it from starting at boot.
Step 4: Configure the firewall
Before connecting to the server via SSH, check the firewall to ensure it is configured correctly.
In our case, we have the UFW installed, so we will use the following command:
sudo ufw status
In the output, you should see that SSH traffic is allowed. If you don't have it listed, you need to allow incoming SSH connections. This command will help with this:
sudo ufw allow ssh
Step 5: Connect to the server
Once you complete all the previous steps, you can log into the server using the SSH protocol.
To do this, you will need the server's IP address or domain name and the name of a user created on the server.
In the terminal line, enter the command:
Important: To successfully connect to a remote server, SSH must be installed and configured on the remote server and the user's computer from which you make the connection.
Step 6: Configure SSH
Having completed the previous five steps, you can already connect to the server remotely. However, you can further increase the connection's security by changing the default connection port to another or changing the password authentication to key authentication. These and other changes require editing the SSH configuration file.
The main OpenSSH server settings are stored in the main configuration file
/etc/ssh). Before you start editing, you should create a backup of this file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.initial
If you get any errors after editing the configuration file, you can restore the original file without problems.
After creating the backup, you can proceed to edit the configuration file. To do this, open it using the
sudo nano /etc/ssh/sshd_config
In the file, change the port to a more secure one. It is best to set values from the dynamic range of ports (49152 - 65535) and use different numbers for additional security. For example, let's change the port value to 49532. To do this, we uncomment the corresponding line in the file and change the port as shown in the screenshot below.
In addition to this setting, we recommend changing the password authentication mode to a more secure key authentication mode. To do this, uncomment the corresponding line and make sure the value is "Yes", as shown in the screenshot.
Now, let's prohibit logging on to the server as a superuser by changing the corresponding line as shown in the picture below.
There are other settings you can configure to increase the server security:
UseDNSchecks if the hostname matches its IP address. The value "Yes" enables this parameter.
PermitEmptyPasswordsprohibits using empty passwords for authentication if the value is "No."
MaxAuthTrieslimits the number of unsuccessful attempts to connect to the server within one communication session.
AllowGroupsare responsible for the list of users and groups allowed to access the server:
# AllowUsers User1, User2, User3
# AllowGroups Group1, Group2, Group3
Login GraceTimesets the time provided for successful authorization. We recommend reducing the value of this parameter by four times.
ClientAliveIntervallimits the time of user inactivity. After exceeding the specified limit, the user is disconnected.
After making all the changes in the main configuration file, save them and close the editor.
Restart the service to make the changes take effect:
sudo systemctl restart ssh
If you have changed the port in the configuration file, you should connect using the new port:
ssh -p port_number username@IP_address
ssh -p port_number_port_username@domain
This article presents a step-by-step guide on installing and configuring SSH in Ubuntu 22.04 and describes how to edit the main configuration file to improve security. We hope this guide helps you to set up a secure remote connection to your Ubuntu server.