How to Install SSH Server on Ubuntu / Debian with OpenSSH

By | September 4, 2020

What is ssh - Secure Shell

Secure shell is a secure communication protocol that can be used for remote administration (like a webserver) over a terminal.

It is technically a secure version of telnet. A shell access on any system enables a user to run commands and control the system.

If you have worked on linux servers online from command line, you probably have used it.

The communication is wrapped with ssl encryption and called secure shell.

Ssh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. It provides secure encrypted communications between two untrusted hosts over an insecure network. X11 connections and arbitrary TCP/IP ports can also be forwarded over the secure channel. It can be used to provide applications with a secure communication channel.

For secure shell, we need 2 components. First is the secure shell server that runs on the machine that is to be controlled remotely. And the other part is an ssh client that can speak the ssh protocol and communicate with the ssh server.

In this post we are going to see how to setup the ssh server and client on ubuntu and do some secure communication.

Install OpenSSH Server

On ubuntu install the package openssh-server. It provides the sshd server. This same method should work on Debian and other debian based distros as well.

$ sudo apt-get install openssh-server
This is the portable version of OpenSSH, a free implementation of the Secure Shell protocol as specified by the IETF secsh working group.

Once installed the ssh server should be up and running. Verify it with the service command

$ service ssh status
ssh start/running, process 29422

Connect to SSH server from client

Now connect to the ssh server using the ssh command. The ssh command is the "openssh client". The syntax is of ssh is like this

ssh username@hostname

OR

ssh -l username hostname

Connect to our ssh server.

$ ssh enlightened@localhost
The authenticity of host 'localhost (127.0.0.1)' can't be established.
ECDSA key fingerprint is f2:81:02:29:0b:84:69:d4:71:35:e0:2f:d7:3b:cd:3e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'localhost' (ECDSA) to the list of known hosts.
enlightened@localhost's password:

Once logged in it will show a welcome message similar to this

Welcome to Ubuntu 12.10 (GNU/Linux 3.5.0-17-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

New release '13.04' available.
Run 'do-release-upgrade' to upgrade to it.

*** System restart required ***
Last login: Thu May 30 20:58:33 2013 from localhost
$

Configure SSH server

The ssh server works on port 22 by default. If you want to change the default port of ssh server then edit the file

/etc/ssh/sshd_config

It has a line for specifying the port number.

# What ports, IPs and protocols we listen for
Port 22

After changing the port number restart the ssh server using the service command

$ sudo service ssh restart
ssh stop/waiting
ssh start/running, process 30751

To learn more about how to configure the ssh server using the configuration file check the man page by running the following command

man sshd_config

Putty ssh client - Windows users

On ubuntu the terminal ssh command is the easiest way to connect to any ssh server. However if you are looking for an alternative then try putty.

Putty is a free ssh/telnet client that is available for both linux and windows. On ubuntu install it from synaptic

sudo apt-get install putty

Securing SSH Server

If you are installing ssh server on a remote and online server, its important secure the server. Here are some security measures you can implement to strengthen the security of the ssh server.

1. Use strong usernames and passwords
2. Configure Idle Timeout Interval
3. Disable empty passwords
4. Give ssh access to only specific users
5. Disable root logins
6. Only use ssh protocol 2
7. Use different port
8. Restrict Clients with firewall
9. Use Key based Authentication

Password less login to ssh server

The ssh server setup by default asks for the username/password to login. However it is possible to setup password less login by using key based authentication.

Check out my tutorial on setting up password less login to ssh for more information.

Links and Resources

To learn more check out the following links:

http://www.openssh.org/

If you have any feedback or questions, let us know in the comments below.

About Silver Moon

A Tech Enthusiast, Blogger, Linux Fan and a Software Developer. Writes about Computer hardware, Linux and Open Source software and coding in Python, Php and Javascript. He can be reached at [email protected].

Leave a Reply

Your email address will not be published. Required fields are marked *