Installing and Configuring OpenSSH on Ubuntu and Debian-based Distributions
Here's how to enable SSH on Ubuntu and Debian based Linux distributions. Also learn how to properly configure the SSH daemon on a Linux server to allow remote logins.
If you want to enable SSH on Ubuntu desktop, use the following command:
sudo apt install openssh-client
If you want to enable SSH on Ubuntu server, use the following command:
sudo apt install openssh-server
Read the rest of the article for more detailed information.
Every system admin and developer has experienced the need for remote logins into the systems for quicker administration and debugging purposes.
In an IT environment, almost all the sysadmin tasks these days are performed via remote logins.
And not just sysadmins, even normal users sometimes need to remote login to the servers.
So how do you remotely connect to a Linux system? There are multiple tools available for remote logins but when it comes to Linux, SSH is the most popular choice.
SSH, short for secure shell, is a protocol that allows remote login securely from one computer to another.
Now the question is how do you enable SSH on Ubuntu or Debian or any other Linux distributions you are using?
Remember that SSH is only a protocol and this can protocol can be implemented via a number of tools such as lsh, Dropbear etc., but the most widely used tool for SSH is the open source software OpenSSH.
In this tutorial, you’ll see how to install OpenSSH and configure it to enable SSH on Ubuntu and Debian based Linux distributions. The steps mentioned are applicable to both desktop and server versions of Ubuntu/Debian.
I also advise reading this article to get acquainted with the basics of SSH.
Enable SSH on Ubuntu and Debian with OpenSSH
As I mentioned earlier, OpenSSH is the software for making SSH logins. It listens on a port and authenticates the incoming users and creates a new shell for the remote user.
For SSH to work, an ssh server needs to be running on the remote system to which the user needs to log in. You also need to have an ssh client in the local system from which the user will log into the remote system.
OpenSSH provides both of these functionalities. There is openssh-client for end-users and openssh-server for the remote servers.
Before you install OpenSSH, you should check if SSH is already installed and running on your system.
Check if SSH is already enabled and running
It’s more likely that SSH is already enabled on your system. To verify, run the following command on either of the remote server or the end user system:
ps -aux | grep ssh
If SSH is enabled, you should see an information about SSH agent on your desktop:
ps -aux | grep ssh abhishek 1736 0.0 0.0 11304 36 ? Ss 08:18 0:00 /usr/bin/ssh-agent /usr/bin/im-launch env GNOME_SHELL_SESSION_MODE=ubuntu gnome-session --session=ubuntu abhishek 10462 0.0 0.0 21536 1044 pts/0 S+ 10:15 0:00 grep --color=auto ssh
On the server, you should see the information about a SSH daemon running:
ps -aux | grep ssh root 920 0.0 0.2 72296 6028 ? Ss 2018 0:17 /usr/sbin/sshd -D root 22708 0.0 0.3 108172 7364 ? Ss 05:13 0:00 sshd: root@pts/0 root 22873 0.0 0.0 14856 1068 pts/0 S+ 05:14 0:00 grep --color=auto ssh
If you don’t see an output similar to the ones mentioned above, you don’t have SSH running on your system. It’s time to install OpenSSH.
Installing OpenSSH on Ubuntu and Debian
A quick note about openssh-client and openssh-server before you go on installing OpenSSH.
openssh-client: This is the package you need if you want to connect to a remote Linux system using SSH. This is what you need as the end-user/desktop user.
openssh-server: This is the package you need if you want to allow remote logins via SSH to your system. This is what you need on your Linux server.
Note that installing openssh-server also enables you to remote login to other systems via SSH. In other words, openssh-server consists openssh-client. But if you are just an end user with a Linux desktop, there is (mostly) no need to install openssh-server and allow remote login to your system.
Now that you know the difference between the two, it’s time to see how to install them.
Note that to install OpenSSH on Ubuntu or Debian, you need to have sudo/root rights. If you don’t have such permission, contact your system administrator. You may also read this article about creating sudo users.
Installing OpenSSH for desktop or end users
If you just want to connect to other remote systems over SSH, you should install the openssh-client package using the following command:
sudo apt update sudo apt install openssh-client
Once you have installed ssh on your system, you are read to use it. Please refer to this detailed article to know how to use SSH.
Installing OpenSSH for servers
If you are setting up an Ubuntu/Debian server, should install the openssh-server package so that other remote users can connect to your system.
sudo apt update sudo apt install openssh-server
Once you have installed openssh-server, it’s time to learn how to tweak it and configure it as per your need.
Controlling the SSH daemon sshd (for servers)
You’ll have the SSH daemon named sshd installed and enabled to be started on reboot automatically by default. systemctl is one of the several ways to control the SSH daemon. To know more about systemctl, please refer to this article.
Start the sshd service
The service can be started by simply issuing:
sudo systemctl start sshd
Stop the sshd service
The service can be stopped in a similar way:
sudo systemctl stop sshd
Restart the sshd service
If you want the sshd service to be stopped and started (usually needed in the case of changing configurations to sshd service), you can simply use this command:
sudo systemctl restart sshd
Enable SSH on Ubuntu automatically at each boot
Some services need to be started on rebooting itself to avoid manual interaction and if it is very frequently used. It is very essential for services like Apache, mongod, mysqld, sshd in servers.
If you want to enable such auto start for sshd, use:
sudo systemctl enable sshd
Disable SSH auto start on reboot
If you don’t want the sshd to be started on reboot automatically, use
sudo systemctl disable sshd
Above said four tips are necessary whenever you make a change to the ssh service such as changing the port. You can make use of the above commands to manage any service (like mysqld, mongod, apache) with the service name sshd replaced with the target service.
Tip: You can use nohup command to keep on running commands even if your SSH connection disconnects.
Configuring SSH (for servers)
As of now, our ssh service will be listening on port 22 and ready to authenticate any user (also root) once a key is stored.
If you want to change any of the configurations such as port to listen for connections, you can edit the file “/etc/ssh/sshd_config” by adding, deleting, commenting or uncommenting the lines and then restart the sshd service.
There are many options to configure. I have created a list of configurations that will be most likely needed.
1. Change the default SSH port
Usually, the sshd service listens on TCP port 22. If you want, you can change the SSH port to say 5678 by adding/editing the following line in /etc/ssh/ssh_config.
Restart the service to see the change immediately.
2. Disable root login via SSH
Allowing root users to authenticate by ssh is not a good idea due to security reasons. sudo users can be logged in remote but not root as root is in the top of security food chain.
Root Login can be disabled by adding (if not already present) the following line and restarting the service.
If the line is already present, then ensure it is not commented out.
3. Allow SSH Key-Based Authentication on
You may want to allow ssh key-based authentication so that end user won’t have to enter the password all the time. Just using the ssh user@ip will be enough for logging into the remote system.
For this, you should configure SSH to allow public key authentication:
If the line is already present, then ensure it is not commented out.
Now if you want to allow a particular system to log in via public key, you need to add that public key of the end user in the file .ssh/authorized_keys.
You can make ssh keys (public key and private key) with the help of ssh-keygen. To know more about key-gen, refer to this great resource.
You can transfer the public key of the end-user to the remote server by any means you prefer. You may use scp command if you like or simply get it via FTP. It’s really up to you.
I think that’s a good enough reading material to know how to enable SSH on Ubuntu/Debian and how to configure SSH on your server for remote logins.
In a related article, you can refer to this article detailing a SSH error that arises due to copying public key between systems.
If you found this article useful, Share it with your friends. If you have any suggestions or comments or if you think I missed something, feel free to drop a comment below.