Enabling SSH on an Ubuntu Server is the foundational step for remote administration, allowing system managers to perform updates, monitor services, and manage infrastructure without needing physical console access. This guide walks through the essential configuration, security hardening, and troubleshooting steps required to establish a reliable and secure remote connection.
Understanding the OpenSSH Server on Ubuntu
By default, a fresh installation of Ubuntu Server does not include the SSH daemon, known as OpenSSH server, to minimize the attack surface. This daemon is the background process that listens for incoming connections on port 22, handling encryption and user authentication. To interact with the server remotely, this service must be installed and set to start automatically with the system.
Installing and Starting the SSH Service
Before you can enable remote access, you need to deploy the OpenSSH server package using the Advanced Package Tool. This process downloads the necessary files from the official repositories and configures the daemon on your machine.
Update the local package index to ensure you are installing the latest available version: sudo apt update
Install the OpenSSH server package: sudo apt install openssh-server
Verify that the service is running and active: sudo systemctl status ssh
Upon successful installation, the SSH daemon will start immediately and be configured to launch automatically during system boot, ensuring persistent remote access.
Configuring the Firewall for Remote Access
If a firewall is active, such as UFW (Uncomplicated Firewall), it will block incoming connections to the SSH port by default. You must create a rule to allow traffic through the network interface to prevent being locked out of the server.
Allow the default SSH port (22) through the firewall: sudo ufw allow ssh
Enable the firewall to enforce the rules: sudo ufw enable
Check the current status and rules to confirm SSH access is permitted: sudo ufw status
This step is critical for maintaining security while providing the necessary pathways for legitimate administrative traffic.
Hardening SSH Security Post-Configuration
Once the service is active, security best practices dictate that you modify the default configuration to protect against brute-force attacks and unauthorized access. The main configuration file is located at /etc/ssh/sshd_config
After editing the configuration file, you must reload the SSH daemon to apply the changes: sudo systemctl reload ssh
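The following is an added example, not part of the original guide: a shell function that reads the effective settings printed by sshd -T and flags values that leave password guessing or direct root login open. The function name, the directives chosen, the threshold of 4 for MaxAuthTries and both sample inputs are assumptions of this example.

```shell
#!/bin/sh
# Added example. audit_sshd reads effective settings in the format printed by
# `sshd -T` (lowercase "keyword value" lines) on stdin, prints one line per
# weak setting, and returns 1 if anything was flagged, 0 otherwise.
# The directives checked and the MaxAuthTries threshold of 4 are assumptions.
audit_sshd() {
    awk '
        BEGIN { bad = 0 }
        function flag(msg) { print "WEAK: " msg; bad = 1 }
        { val[tolower($1)] = tolower($2) }   # last value wins per keyword
        END {
            if (val["permitrootlogin"] == "yes")
                flag("permitrootlogin yes allows root to log in with a password")
            if (val["passwordauthentication"] == "yes")
                flag("passwordauthentication yes leaves accounts open to password guessing")
            if (val["kbdinteractiveauthentication"] == "yes")
                flag("kbdinteractiveauthentication yes can still prompt for passwords through PAM")
            if (val["pubkeyauthentication"] == "no")
                flag("pubkeyauthentication no disables key-based logins")
            if (("maxauthtries" in val) && val["maxauthtries"] + 0 > 4)
                flag("maxauthtries " val["maxauthtries"] " exceeds the example threshold of 4")
            exit bad
        }
    '
}

# Constructed sample input in `sshd -T` format (not captured from a real host).
SAMPLE_WEAK='port 22
permitrootlogin yes
passwordauthentication yes
kbdinteractiveauthentication no
pubkeyauthentication yes
maxauthtries 6'

# Constructed sample of the same settings after hardening.
SAMPLE_HARDENED='port 22
permitrootlogin no
passwordauthentication no
kbdinteractiveauthentication no
pubkeyauthentication yes
maxauthtries 3'

# On a live server: sudo sshd -t && sudo sshd -T | audit_sshd
# (sshd -t checks the configuration for syntax errors before you reload.)
printf '%s\n' "$SAMPLE_WEAK" | audit_sshd || true
```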
Connecting to the Server and Managing Keys
With the server configured, you can connect from your local machine using the ssh command. If you opted for key-based authentication, you will need to generate an SSH key pair and place the public key on the server.
Generate a new RSA key pair on your client machine: ssh-keygen -t rsa -b 4096