Configuring your Ubuntu server to allow SSH access is often the first critical step in remote administration. Secure Shell provides a robust and encrypted method to manage your system without needing direct physical access. This guide walks through the essential configurations, from initial installation to advanced hardening techniques.
Understanding the SSH Service on Ubuntu
By default, modern Ubuntu installations include the OpenSSH server package, but it is often not started or configured to listen on external interfaces. The `openssh-server` package provides the `sshd` daemon, which handles incoming connection requests. Before modifying any settings, it is good practice to check the current status of this service to understand your baseline environment.
Installing and Enabling the OpenSSH Server
If you are working from a minimal server installation or a container, the SSH server might not be present. You can install it using the APT package manager. Once installed, the service must be enabled to start automatically during the boot process to ensure persistent access.
Installation Commands
Update the local package index: `sudo apt update`
Install the OpenSSH server package: `sudo apt install openssh-server`
Verify the service is running: `sudo systemctl status ssh`
Configuring the Firewall for SSH Access
Ubuntu typically uses `UFW` (Uncomplicated Firewall) to manage network access. If the firewall is active, it blocks incoming connections to the SSH port (22) by default. Create a rule that allows traffic on this port before you enable the firewall, so that you do not lock yourself out of a remote session.
Firewall Management Steps
Allow SSH connections: `sudo ufw allow ssh`
Enable the firewall if it is disabled: `sudo ufw enable`
Check the current rules: `sudo ufw status`
For cloud environments, you must also adjust the security group or network ACLs to permit TCP traffic on port 22 from your specific IP range.
Adjusting the SSH Configuration File
The main configuration file for the SSH daemon is located at `/etc/ssh/sshd_config`. This file contains directives that control port numbers, authentication methods, and user access. Editing this file is the primary method for hardening your server and allowing specific users.
Key Configuration Parameters
Parameter | Description
--- | ---
`Port 2222` | Changes the default port to mitigate automated bot attacks.
`PermitRootLogin no` | Disables direct login for the root user, requiring sudo usage.
`PasswordAuthentication no` | Forces key-based login, which is more secure than passwords.
After making any changes to this file, you must reload the SSH daemon to apply the new settings without dropping existing sessions.
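A check to run on an edited configuration before reloading, added here as an example and not part of the original guide: it reads an `sshd_config` file the way `sshd` does (first value wins, keywords are case-insensitive) and reports whether the three directives from the table are in effect. The function names `effective_value` and `audit_sshd_config` and the sample config are constructed for this example; it does not follow `Include` directives and reads only the first `Port` line.

```shell
#!/bin/sh
# Added example (not from the original guide): static audit of an sshd_config
# file against the three hardening directives in the table above.

# effective_value FILE KEYWORD
# sshd uses the first value it obtains for a keyword, and keywords are
# case-insensitive. Lines after the first "Match" are conditional overrides,
# so the scan stops there. Assumes whitespace-separated "Keyword value" lines.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0   { next }                     # comment or blank
        tolower($1) == "match"  { exit }                     # end of global section
        tolower($1) == want     { print tolower($2); exit }  # first value wins
    ' "$1"
}

# audit_sshd_config FILE
# Prints one line per finding; returns 0 when hardened, 1 otherwise.
audit_sshd_config() {
    file=$1; rc=0
    # OpenSSH built-in defaults apply when a keyword is absent.
    port=$(effective_value "$file" Port);                   port=${port:-22}
    root=$(effective_value "$file" PermitRootLogin);        root=${root:-prohibit-password}
    pass=$(effective_value "$file" PasswordAuthentication); pass=${pass:-yes}

    [ "$root" = no ] || { echo "FAIL PermitRootLogin is '$root', expected 'no'"; rc=1; }
    [ "$pass" = no ] || { echo "FAIL PasswordAuthentication is '$pass', expected 'no'"; rc=1; }
    # 'ufw allow ssh' opens only 22/tcp; a moved port needs its own rule.
    [ "$port" = 22 ] || echo "NOTE sshd listens on $port: run 'sudo ufw allow $port/tcp' before reloading"
    return "$rc"
}

# Constructed sample: the commented-out line is ignored, and the second
# PasswordAuthentication line is ignored because the first value wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
#PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
EOF
audit_sshd_config "$sample" || echo "sample config is not hardened"
rm -f "$sample"
```

On a live server, `sudo sshd -t` checks the file's syntax and `sudo sshd -T` prints the effective configuration, including any included files.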
Managing User Access and Keys
To allow SSH access for a specific user, ensure their account exists on the system. The authorized keys file, located at `~/.ssh/authorized_keys`, contains the public keys that are permitted to log in. Managing these keys directly is more secure than relying on password authentication.