Enabling SSH access on an Ubuntu server is a foundational skill for system administrators and developers who manage remote infrastructure. This protocol provides a secure channel over an unsecured network, allowing for command-line interaction and file transfer without exposing sensitive data to interception. The default configuration on Ubuntu, however, often disables this remote capability to adhere to the principle of minimal attack surface, requiring deliberate action to activate it.
Understanding the OpenSSH Server
The functionality for SSH access on Ubuntu is provided by the OpenSSH server package, known as openssh-server . Unlike the client, which is typically installed by default, the server component is an optional feature that must be installed explicitly. This separation ensures that machines intended solely for local use do not inadvertently listen for remote connections, reducing potential entry points for unauthorized access.
Installation Process
Activating the SSH server on Ubuntu is a straightforward process managed by the Advanced Package Tool (APT). Before installation, it is recommended to update the local package index to ensure you are installing the latest available version. The installation process downloads the necessary files and configures the system to start the service automatically upon boot, integrating seamlessly with the system's initialization process.
To install the server, execute the following command with superuser privileges:
sudo apt update
sudo apt install openssh-server
Verifying the Service Status
Once the installation completes, the SSH daemon should begin running immediately. It is essential to verify that the service is active and listening on the correct port to confirm that the setup was successful. By default, SSH listens on port 22, waiting for incoming connection attempts from clients.
You can check the current status of the service using the following command:
sudo systemctl status ssh
A status of "active (running)" indicates that the server is operational and ready to accept connections.
Adjusting the Firewall Configuration
If a firewall is enabled on the server, such as UFW (Uncomplicated Firewall), you must explicitly allow traffic through port 22. Without this configuration, incoming connection requests will be dropped, preventing any remote access. The good news is that Ubuntu's UFW provides a straightforward method to permit SSH traffic safely.
To allow SSH connections, use the following command:
sudo ufw allow ssh
This command creates a rule that permits incoming TCP connections to port 22, ensuring the encrypted tunnel can be established between the client and the server.
Connecting to the Remote Machine
With the server installed, running, and the firewall configured, you can now initiate a connection from another machine. The standard tool for this is the ssh command-line client, which is available on most Linux distributions, macOS, and Windows 10 and later. You will need the IP address or hostname of the target server and a valid user account.
The basic syntax for connecting is as follows:
ssh username@server_ip_address
Upon first connection, the client will warn you about the authenticity of the host; accepting this adds the server to your known hosts file. You will then be prompted to enter the password for the specified user, completing the secure login process.
Hardening Security Measures
While enabling SSH access is necessary, relying solely on password authentication can expose the server to brute-force attacks. For a robust security posture, implementing key-based authentication is highly recommended. This method uses a cryptographic key pair, where the private key remains securely on your local machine and the public key is placed on the server.
