Let’s see how to install and configure a SSH server as shown in given scenario which is very common :
The basic idea here is that the SSH server needs to be able to communicate with internet / external network as well as with local area network. This is accomplished by the following steps :
- Install SSH services on Ubuntu box
- Harden the newly installed SSH server (tweak it security wise before starting it)
- Start the SSH services
- Configure the router / firewall through which it “talks” or communicates with the internet / outside world
- Check if the SSH server is working
Installing SSH services :
1. Login to Ubuntu server (this example uses Ubuntu 11.10 server edition).
2. Issue the following command :
Once this is done, ssh service is installed but before starting it, it is best to tweak it a bit for better security.
Hardening the SSH box :
To do this, edit the following configuration file using any text editor like vim, joe etc :
Change the entries for “Port” from 22 to 2222 and “PermitRootLogin” from yes to no. What this basically does is that instead of listening on the default port of 22 which is well known for SSH, the server will listen on a changed port number (2222) thereby providing some security by obscurity. Disabling the use of root to login directly using SSH is another way to improve security .
Starting the SSH services :
Now that the SSH service is installed and tweaked for better security, all that is left is to start the service by typing :
The server is now ready.
Configure the router/firewall for making the SSH server communicate with outside world / internet :
Since the port changed is a non standard port, the same should be opened in the firewall else the incoming SSH connections will be dropped (even for standard SSH port, firewall needs to be changed to allow access in most cases). In this example, the exception was added to a home router such that all incoming SSH requests would be forwarded to the local box (as it is connected to the home network) which is the SSH server as shown :
Check if the SSH server is working as expected:
It is a good idea to test the access by using Putty or any other SSH client from a remote system preferably on a different network or using a different internet service provider. (For this the public IP address of the system running the SSH server would be needed in order to connect to it.)