If you performed an installation of Ubuntu 22.04 or Ubuntu 20.04 from from a CD ISO image, the OpenSSH server and client packages are installed alongside OS base installation. You need to manually install and configure OpenSSH server to enable remote logins through ssh client. OpenBSD Secure Shell, commonly known as OpenSSH is a set of applications that provides encrypted communication sessions over Secure Shell (SSH) protocol. It is a standard way of accessing both Linux and Unix servers remotely over the internet.
In this article we will discuss the installation and configuration of SSH Server on Ubuntu 22.04|20.04 Linux machine. The article can be used for Desktop or Server editions of Ubuntu OS. In most cloud instances, OpenSSH server is installed and configured to start at system boot. We have a dedicated article on how to install the latest Ubuntu OS 22.04, in case you’re interested.
Once the OS is installed, login as root or standard user with sudo privileges and continue to configure OpenSSH server on Ubuntu 22.04 / Ubuntu 20.04 Linux system.
Step 1) Install OpenSSH Server packages on Ubuntu 22.04|20.04
We shall start with OpenSSH server installation process onUbuntu 22.04|20.04. But first, update OS package list as configured in sources repositories:
$ sudo apt update Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [90.7 kB] Hit:2 http://ke.archive.ubuntu.com/ubuntu jammy InRelease Get:3 http://ke.archive.ubuntu.com/ubuntu jammy-updates InRelease [90.7 kB] Get:4 http://ke.archive.ubuntu.com/ubuntu jammy-backports InRelease [90.7 kB] Fetched 272 kB in 2s (163 kB/s) Reading package lists... Done Building dependency tree... Done Reading state information... Done 45 packages can be upgraded. Run 'apt list --upgradable' to see them.
Thereafter, install OpenSSH Server packages on Ubuntu 22.04|20.04 using the commands below:
$ sudo apt install openssh-server Reading package lists... Done Building dependency tree... Done Reading state information... Done The following additional packages will be installed: openssh-sftp-server runit-helper Suggested packages: molly-guard monkeysphere ssh-askpass ufw The following NEW packages will be installed: openssh-server openssh-sftp-server runit-helper 0 upgraded, 3 newly installed, 0 to remove and 0 not upgraded. Need to get 446 kB of archives. After this operation, 1,765 kB of additional disk space will be used. Do you want to continue? [Y/n] y
After the installation of OpenSSH server, start ssh service:
sudo systemctl start ssh
It is recommended to enable the service to start with the OS. This will ensure you’re not logged out of the system it the system is rebooted.
$ sudo systemctl enable ssh Synchronizing state of ssh.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable ssh
The command below will show the status of the service. If everything went as expected it should be in running state..
$ systemctl status ssh ● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2021-11-11 12:12:16 EAT; 1h 47min ago Docs: man:sshd(8) man:sshd_config(5) Main PID: 657 (sshd) Tasks: 1 (limit: 9482) Memory: 6.1M CPU: 84ms CGroup: /system.slice/ssh.service └─657 sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups Nov 11 12:12:16 ubuntu22 systemd: Starting OpenBSD Secure Shell server... Nov 11 12:12:16 ubuntu22 sshd: Server listening on 0.0.0.0 port 22. Nov 11 12:12:16 ubuntu22 sshd: Server listening on :: port 22. Nov 11 12:12:16 ubuntu22 systemd: Started OpenBSD Secure Shell server.
The OpenSSH server configuration file is /etc/ssh/sshd_config. The file contains keyword-argument pairs, one per line. All the lines starting with
# and empty lines are interpreted as comments.
Step 2) Copy your SSH Public key from Workstation to Ubuntu system
Before you can disable password authentication for SSH, you need to copy SSH public keys from workstation to the server or remote Ubuntu Desktop machine.
Generate SSH keys if you don’t have them already on your Workstation OS – the command provided works for Linux and macOS:
$ ssh-keygen Generating public/private rsa key pair. Enter file in which to save the key (/home/computingpost/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /home/computingpost/.ssh/id_rsa Your public key has been saved in /home/computingpost/.ssh/id_rsa.pub The key fingerprint is: SHA256:OYXlyX/3nXMdSz581TDOnl78PPXAv31h03GI39bu9x8 [email protected] The key's randomart image is: +---[RSA 3072]----+ | . | | = . | | . = .o. | | o ..o.+o| | S .o++O| | . oBB#| | +E&| | . +#| | .o#| +----[SHA256]-----+
Get the private or Private IP address of the remote Ubuntu system:
$ ip address 1: lo:
mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp1s0: mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 52:54:00:13:e7:d6 brd ff:ff:ff:ff:ff:ff inet 192.168.200.46/24 brd 192.168.200.255 scope global dynamic noprefixroute enp1s0 valid_lft 3519sec preferred_lft 3519sec inet6 fe80::bfeb:53e3:8760:78ee/64 scope link noprefixroute valid_lft forever preferred_lft forever
My Ubuntu 22.04 Server IP address is192.168.200.46. Ping the IP address to confirm network connectivity from your workstation machine:
$ ping -c 3 192.168.200.46 PING 192.168.200.46 (192.168.200.46): 56 data bytes 64 bytes from 192.168.200.46: icmp_seq=0 ttl=63 time=188.575 ms 64 bytes from 192.168.200.46: icmp_seq=1 ttl=63 time=181.137 ms 64 bytes from 192.168.200.46: icmp_seq=2 ttl=63 time=192.178 ms --- 192.168.200.46 ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 181.137/187.297/192.178/4.597 ms
After confirming you can access remote Ubuntu server from your Workstation, copy SSH public key:
$ ssh-copy-id email@example.com /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys Warning: Permanently added '192.168.200.46' (ECDSA) to the list of known hosts. [email protected]'s password:
Number of key(s) added: 1 Now try logging into the machine, with: "ssh '[email protected]'" and check to make sure that only the key(s) you wanted were added.
- ubuntu is the remote user account
- 192.168.200.46 is the IP address of remote Ubuntu system
Test SSH connectivity to remote Ubuntu system after copying SSH Pubkey. You should not be prompted for User Password, but maybe SSH private key keyphrase if it was set.
$ ssh [email protected] Warning: Permanently added '192.168.200.46' (ECDSA) to the list of known hosts. Enter passphrase for key '/Users/jmutai/.ssh/id_rsa': Welcome to Ubuntu Jammy Jellyfish (development branch) (GNU/Linux 5.13.0-19-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage 45 updates can be applied immediately. To see these additional updates run: apt list --upgradable Your Hardware Enablement Stack (HWE) is supported until April 2025. Last login: Thu Nov 11 13:55:16 2021 from 192.168.200.1
Step 3) Disabling remote SSH for root user (Optional)
To get improved security in your remote Ubuntu system, consider disabling root user ssh login.
On remote Ubuntu system, edit SSH server configuration file and set parameter to disable root access through ssh:
$ sudo vim /etc/ssh/sshd_config PermitRootLogin no
There is also an option of allowing root user authenticate with any other allowed mechanism that is not password or keyboardinteractive. For this set like below:
With above configurations, we’ll be able to login as root user with SSH private key. Only that SSH public key should have been copied to the system before SSH server service is restarted:
$ ssh-copy-id firstname.lastname@example.org /usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/jmutai/.ssh/id_rsa.pub" /usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed /usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys Warning: Permanently added '184.108.40.206' (ECDSA) to the list of known hosts. [email protected]'s password: Number of key(s) added: 1 Now try logging into the machine, with: "ssh '[email protected]'" and check to make sure that only the key(s) you wanted were added.
Restart SSH service to apply new configurations in the file.
sudo systemctl restart ssh systemctl status ssh
Step 4) Disabling SSH Password Authentication (Optional)
Password authentication on SSH can be disabled completely. The only way to login over SSH will be with the use of SSH keys.
Set PasswordAuthentication keyword to no to disallow password authentication for all users:
$ sudo vim /etc/ssh/sshd_config PasswordAuthentication no
Restart SSH service for the new change to take effect.
sudo systemctl restart ssh
SSH authentication without a public key will definitely fail.
$ ssh email@example.com [email protected]: Permission denied (publickey).
When SSH Public key is not in the default
~/.ssh/id_rsa, use -i to pass manual path for the identity:
$ ssh firstname.lastname@example.org -i /path/to/privkey
In Conclusion, OpenSSH server has been installed and configured successfully on Ubuntu 22.04/20.04 Linux machine. We dived further to extra configurations such as disabling root user login and password ssh authentication. In our future guides we shall cover more topics relating to OpenSSH. Stay connected for updates!.
More useful guides on SSH.