This tutorial shows you how to enable ssh on Ubuntu and other linux using OpenSSH. You’ll also learn how to configure OpenSSH server for various purposes.

If you want to enable SSH on Ubuntu desktop , use the following command:

sudo apt install openssh


if you want to enable SSH on Ubuntu server , use the following command:

sudo apt install openssh -server

Read the rest of the article for more detailed information.

Every system admin and developer has experienced the need for remote logins into the systems for quicker administration and debugging purposes.

In an IT environment, almost all the sysadmin tasks these days are performed via remote logins.

And not just sysadmins, even normal users sometimes need to remote login to the servers.

So how do you remotely connect to a Linux system? There are multiple tools available for remote logins but when it comes to Linux, SSH is the most popular choice.

SSH , short for secure shell, is a protocol that allows remote login securely from one computer to another.

Now the question is how do you enable SSH on Ubuntu or Debian or any other Linux distributions you are using?

Remember that SSH is only a protocol and this can protocol can be implemented via a number of tools such as lsh , Dropbear etc., but the most widely used tool for SSH is the open source software OpenSSH.

In this tutorial, you’ll see how to install OpenSSH and configure it to enable SSH on Ubuntu and Debian based Linux distributions. The steps mentioned are applicable to both desktop and server versions of Ubuntu/Debian.

Enable SSH on Ubuntu and Debian with OpenSSH
Installing and Configuring OpenSSH on Ubuntu and Debian-based Distributions

As I mentioned earlier, OpenSSH is the software for making SSH logins. It listens on a port and authenticates the incoming users and creates a new shell for the remote user.

For SSH to work, an ssh server needs to be running on the remote system to which the user needs to log in. You also need to have an ssh client in the local system from which the user will log into the remote system.

OpenSSH provides both of these functionalities. There is openssh -client for end-users and openssh -server for the remote servers.

Before you install OpenSSH, you should check if SSH is already installed and running on your system.

Check if SSH is already enabled and running

It’s more likely that SSH is already enabled on your system. To verify, run the following command on either of the remote server or the end user system:

ps -aux | grep ssh

If SSH is enabled, you should see an information about SSH agent on your desktop:

ps -aux | grep ssh abhishek 1736 0.0 0.0 11304 36 ? Ss 08:18 0:00 /usr/bin/ssh-agent /usr/bin/im-launch env GNOME_SHELL_SESSION_MODE=ubuntu gnome-session --session=ubuntu abhishek 10462 0.0 0.0 21536 1044 pts/0 S+ 10:15 0:00 grep --color=auto ssh

On the server, you should see the information about a SSH daemon running:

ps -aux | grep ssh root 920 0.0 0.2 72296 6028 ? Ss 2018 0:17 /usr/sbin/sshd -D root 22708 0.0 0.3 108172 7364 ? Ss 05:13 0:00 sshd: root@pts/0 root 22873 0.0 0.0 14856 1068 pts/0 S+ 05:14 0:00 grep --color=auto ssh

If you don’t see an output similar to the ones mentioned above, you don’t have SSH running on your system. It’s time to install OpenSSH.

READ How to Install Ansible on Ubuntu and Other Linux Distributions

Installing OpenSSH on Ubuntu and Debian

A quick note about openssh -client and openssh -server before you go on installing OpenSSH.

openssh-client:This is the package you need if you want to connect to a remote Linux system using SSH. This is what you need as the end-user/desktop user.

openssh-server:This is the package you need if you want to allow remote logins via SSH to your system. This is what you need on your Linux server.

Note that installing openssh-server also enables you to remote login to other systems via SSH. In other words, openssh-server consists openssh-client. But if you are just an end user with a Linux desktop, there is (mostly) no need to install openssh-server and allow remote login to your system.

Now that you know the difference between the two, it’s time to see how to install them.

Note that to install OpenSSH on Ubuntu or Debian, you need to have sudo/root rights. If you don’t have such permission, contact your system administrator. You may also read this article aboutcreating sudo users.

Installing OpenSSH for desktop or end users

If you just want to connect to other remote systems over SSH, you should install the openssh-client package using the following command:

sudo apt update sudo apt install openssh-client

Once you have installed ssh on your system, you are read to use it. Please refer to this detailed article to knowhow to use SSH.

Installing OpenSSH for servers

If you are setting up an Ubuntu/Debian server, should install the openssh-server package so that other remote users can connect to your system.

sudo apt update sudo apt install openssh-server

Once you have installed openssh -server, it’s time to learn how to tweak it and configure it as per your need.

READ Fix Permission denied (publickey) SSH Error in Linux

Controlling the SSH daemon sshd (for servers)

You’ll have the SSH daemon named sshd installed and enabled to be started on reboot automatically by default. systemctl is one of the several ways to control the SSH daemon. To know more about systemctl , please refer to this article .

Start the sshd service

The service can be started by simply issuing:

sudo systemctl start sshd Stop the sshd service

The service can be stopped in a similar way:

sudo systemctl stop sshd Restart the sshd service

If you want the sshd service to be stopped and started (usually needed in the case of changing configurations to sshd service), you can simply use this command:

sudo systemctl restart sshd Enable SSH on Ubuntu automatically at each boot

Some services need to be started on rebooting itself to avoid manual interaction and if it is very frequently used. It is very essential for services like Apache, mongod , mysqld , sshd in servers.

If you want to enable such auto start for sshd, use:

sudo systemctl enable sshd Disable SSH auto start on reboot

If you don’t want the sshd to be started on reboot automatically, use

sudo systemctl disable sshd

Above said four tips are necessary whenever you make a change to the ssh service such as changing the port. You can make use of the above commands to manage any service (like mysqld, mongod, apache) with the service name sshd replaced with the target service.

Configuring SSH (for servers)

As of now, our ssh service will be listening on port 22 and ready to authenticate any user (also root) once a key is stored.

If you want to change any of the configurations such as port to listen for connections, you can edit the file “ /etc/ssh/sshd_config ” by adding, deleting, commenting or uncommenting the lines and then restart the sshd service.

There are many options to configure. I have created a list of configurations that will be most likely needed.

READ Load balancing with HAProxy, Nginx and Keepalived in Linux

1. Change the default SSH port

Usually, the sshd service listens on TCP port 22. If you want to change it to some other port say 5678, then add/edit the following line in / etc/ssh/ssh_config.

Port 5678

Restart the service to see the change immediately.

2. Disable root login via SSH

Allowing root users to authenticate by ssh is not a good idea due to security reasons. sudo users can be logged in remote but not root as root is in the top of security food chain.

Root Login can be disabled by adding (if not already present) the following line and restarting the service.

PermitRootLogin no

If the line is already present, then ensure it is not commented out.

3. Allow SSH Key-Based Authentication on

You may want to allow ssh key-based authentication so that end user won’t have to enter the password all the time. Just using the ssh user@ip will be enough for logging into the remote system.

For this, you should configure SSH to allow public key authentication:

PubkeyAuthentication yes

If the line is already present, then ensure it is not commented out.

Now if you want to allow a particular system to log in via public key, you need to add that public key of the end user in the file .ssh/authorized_keys .

You can make ssh keys (public key and private key) with the help of ssh-keygen . To know more about key-gen, refer to this great resource .

You can transfer the public key of the end-user to the remote server by any means you prefer. You mayuse scp command if you like or simply get it via FTP. It’s really up to you.

Above three are most needed, but if you want to change further, please refer the manpage of sshd_config .

I think that’s a good enough reading material to know how to enable SSH on Ubuntu/Debian and how to configure SSH on your server for remote logins.

If you found this article useful, Share it with your friends. If you have any suggestions or comments or if you think I missed something, feel free to drop a comment below.

本文系统(linux)相关术语:linux系统 鸟哥的linux私房菜 linux命令大全 linux操作系统

本文标题:Installing and Configuring OpenSSH on Ubuntu and Debian-based Distributions

技术大类 技术大类 | 系统(linux) | 评论(0) | 阅读(240)