How To Install SSH Server On Ubuntu

One of the earlier posts described how to access a SSH server from Linux Mint/Ubuntu using a SSH client like Putty.

Let’s see how to install and configure a SSH server as shown in given scenario which is very common  :

SSH server scenario

The basic idea here is that the SSH server needs to be able to communicate with internet / external network as well as with local area network. This is accomplished by the following steps :

  • Install SSH services on Ubuntu box
  • Harden the newly installed SSH server (tweak it security wise before starting it)
  • Start the SSH services
  • Configure the router / firewall through which it “talks” or communicates with the internet / outside world
  • Check if the SSH server is working

Installing SSH services :

1. Login to Ubuntu server  (this example uses Ubuntu 11.10 server edition).

2. Issue the following command :

sudo apt-get install openssh-server

Installing open-ssh server

Once this is done, ssh service is installed but before starting it, it is best to tweak it a bit for better security.

Hardening the SSH box :

To do this, edit the following configuration file using any text editor like vim, joe etc :

sudo vim /etc/ssh/sshd_config

Editing ssh config file for better security

Change the entries for “Port” from 22 to 2222 and “PermitRootLogin” from yes to no. What this basically does is that instead of listening on the default port of 22 which is well known for SSH, the server will listen on a changed port number (2222) thereby providing some security by obscurity. Disabling the use of root to login directly using SSH is another way to improve security .

Starting the SSH services :

Now that the SSH service is installed and tweaked for better security, all that is left is to start the service by typing :

sudo /etc/init.d/ssh restart

Starting ssh services on server

The server is now ready.

Configure the router/firewall for making the SSH server communicate with outside world / internet :

Since the port changed is a non standard port, the same should be opened in the firewall else the incoming SSH connections will be dropped (even for standard SSH port, firewall needs to be changed to allow access in most cases). In this example, the exception was added to a home router such that all incoming SSH requests would be forwarded to the local box (as it is connected to the home network) which is the SSH server as shown :

Adding SSH port exception to firewall/router

 

Check if the SSH server is working as expected:

It is a good idea to test the access by using Putty or any other SSH client from a remote system preferably on a different network or  using a different internet service provider. (For this the public IP address of the system running the SSH server would be needed in order to connect to it.)

Testing ssh access from remote computer

All done.

Happy SSH-ing!