Installing and Configuring OpenSSH on Ubuntu and Debian-based Distributions
Tutorial

Installing and Configuring OpenSSH on Ubuntu and Debian-based Distributions

seeni
Abhishek Prakash
seeni, Abhishek Prakash

If you want to enable SSH on Ubuntu desktop, use the following command:

sudo apt install openssh-client

If you want to enable SSH on Ubuntu server, use the following command:

sudo apt install openssh-server

Read the rest of the article for more detailed information.

Every system admin and developer has experienced the need for remote logins into the systems for quicker administration and debugging purposes.

In an IT environment, almost all the sysadmin tasks these days are performed via remote logins.

And not just sysadmins, even normal users sometimes need to remote login to the servers.

So how do you remotely connect to a Linux system? There are multiple tools available for remote logins but when it comes to Linux, SSH is the most popular choice.

SSH, short for secure shell, is a protocol that allows remote login securely from one computer to another.

Now the question is how do you enable SSH on Ubuntu or Debian or any other Linux distributions you are using?

Remember that SSH is only a protocol and this can protocol can be implemented via a number of tools such as lsh, Dropbear etc., but the most widely used tool for SSH is the open source software OpenSSH.

In this tutorial, you’ll see how to install OpenSSH and configure it to enable SSH on Ubuntu and Debian based Linux distributions. The steps mentioned are applicable to both desktop and server versions of Ubuntu/Debian.

I also advise reading this article to get acquainted with the basics of SSH.

Enable SSH on Ubuntu and Debian with OpenSSH

As I mentioned earlier, OpenSSH is the software for making SSH logins. It listens on a port and authenticates the incoming users and creates a new shell for the remote user.

For SSH to work, an ssh server needs to be running on the remote system to which the user needs to log in. You also need to have an ssh client in the local system from which the user will log into the remote system.

OpenSSH provides both of these functionalities. There is openssh-client for end-users and openssh-server for the remote servers.

Before you install OpenSSH, you should check if SSH is already installed and running on your system.

Check if SSH is already enabled and running

It’s more likely that SSH is already enabled on your system. To verify, run the following command on either of the remote server or the end user system:

ps -aux | grep ssh

If SSH is enabled, you should see an information about SSH agent on your desktop:

ps -aux | grep ssh

abhishek  1736  0.0  0.0  11304    36 ?        Ss   08:18   0:00 /usr/bin/ssh-agent /usr/bin/im-launch env GNOME_SHELL_SESSION_MODE=ubuntu gnome-session --session=ubuntu

abhishek 10462  0.0  0.0  21536  1044 pts/0    S+   10:15   0:00 grep --color=auto ssh

On the server, you should see the information about a SSH daemon running:

ps -aux | grep ssh

root       920  0.0  0.2  72296  6028 ?        Ss    2018   0:17 /usr/sbin/sshd -D

root     22708  0.0  0.3 108172  7364 ?        Ss   05:13   0:00 sshd: root@pts/0

root     22873  0.0  0.0  14856  1068 pts/0    S+   05:14   0:00 grep --color=auto ssh

If you don’t see an output similar to the ones mentioned above, you don’t have SSH running on your system. It’s time to install OpenSSH.

Installing OpenSSH on Ubuntu and Debian

A quick note about openssh-client and openssh-server before you go on installing OpenSSH.

openssh-client: This is the package you need if you want to connect to a remote Linux system using SSH. This is what you need as the end-user/desktop user.

openssh-server: This is the package you need if you want to allow remote logins via SSH to your system. This is what you need on your Linux server.

Note that installing openssh-server also enables you to remote login to other systems via SSH. In other words, openssh-server consists openssh-client. But if you are just an end user with a Linux desktop, there is (mostly) no need to install openssh-server and allow remote login to your system.

Now that you know the difference between the two, it’s time to see how to install them.

Note that to install OpenSSH on Ubuntu or Debian, you need to have sudo/root rights. If you don’t have such permission, contact your system administrator. You may also read this article about creating sudo users.

Installing OpenSSH for desktop or end users

If you just want to connect to other remote systems over SSH, you should install the openssh-client package using the following command:

sudo apt update
sudo apt install openssh-client

Once you have installed ssh on your system, you are read to use it. Please refer to this detailed article to know how to use SSH.

Installing OpenSSH for servers

If you are setting up an Ubuntu/Debian server, should install the openssh-server package so that other remote users can connect to your system.

sudo apt update
sudo apt install openssh-server

Once you have installed openssh-server, it’s time to learn how to tweak it and configure it as per your need.

Controlling the SSH daemon sshd (for servers)

You’ll have the SSH daemon named sshd installed and enabled to be started on reboot automatically by default. systemctl is one of the several ways to control the SSH daemon. To know more about systemctl, please refer to this article.

Start the sshd service

The service can be started by simply issuing:

sudo systemctl start sshd

Stop the sshd service

The service can be stopped in a similar way:

sudo systemctl stop sshd

Restart the sshd service

If you want the sshd service to be stopped and started (usually needed in the case of changing configurations to sshd service), you can simply use this command:

sudo systemctl restart sshd

Enable SSH on Ubuntu automatically at each boot

Some services need to be started on rebooting itself to avoid manual interaction and if it is very frequently used. It is very essential for services like Apache, mongod, mysqld, sshd in servers.

If you want to enable such auto start for sshd, use:

sudo systemctl enable sshd

Disable SSH auto start on reboot

If you don’t want the sshd to be started on reboot automatically, use

sudo systemctl disable sshd

Above said four tips are necessary whenever you make a change to the ssh service such as changing the port. You can make use of the above commands to manage any service (like mysqld, mongod, apache) with the service name sshd replaced with the target service.

Tip: You can use nohup command to keep on running commands even if your SSH connection disconnects.

Configuring SSH (for servers)

As of now, our ssh service will be listening on port 22 and ready to authenticate any user (also root) once a key is stored.

If you want to change any of the configurations such as port to listen for connections, you can edit the file “/etc/ssh/sshd_config” by adding, deleting, commenting or uncommenting the lines and then restart the sshd service.

There are many options to configure. I have created a list of configurations that will be most likely needed.

1. Change the default SSH port

Usually, the sshd service listens on TCP port 22. If you want to change it to some other port say 5678, then add/edit the following line in /etc/ssh/ssh_config.

Port 5678

Restart the service to see the change immediately.

2. Disable root login via SSH

Allowing root users to authenticate by ssh is not a good idea due to security reasons. sudo users can be logged in remote but not root as root is in the top of security food chain.

Root Login can be disabled by adding (if not already present) the following line and restarting the service.

PermitRootLogin no

If the line is already present, then ensure it is not commented out.

3. Allow SSH Key-Based Authentication on

You may want to allow ssh key-based authentication so that end user won’t have to enter the password all the time. Just using the ssh user@ip will be enough for logging into the remote system.

For this, you should configure SSH to allow public key authentication:

PubkeyAuthentication yes 

If the line is already present, then ensure it is not commented out.

Now if you want to allow a particular system to log in via public key, you need to add that public key of the end user in the file .ssh/authorized_keys.

You can make ssh keys (public key and private key) with the help of ssh-keygen. To know more about key-gen, refer to this great resource.

You can transfer the public key of the end-user to the remote server by any means you prefer. You may use scp command if you like or simply get it via FTP. It’s really up to you.

Above three are most needed, but if you want to change further, please refer the manpage of sshd_config.

Conclusion

I think that’s a good enough reading material to know how to enable SSH on Ubuntu/Debian and how to configure SSH on your server for remote logins.

In a related article, you can refer to this article detailing a SSH error that arises due to copying public key between systems.

If you found this article useful, Share it with your friends. If you have any suggestions or comments or if you think I missed something, feel free to drop a comment below.



Join the conversation.