Secure Shell (SSH) is a network protocol used for a secure connection between a client and a server. Each interaction between the server and a client is encrypted.
This tutorial explains how to enable SSH on an Ubuntu machine.
Enabling SSH will allow you to connect to your system remotely and perform administrative tasks. You’ll also be able to securely transfer files via scp
and sftp
.
Enabling SSH on Ubuntu
By default, when Ubuntu is first installed, remote access via SSH is not allowed. Enabling SSH on Ubuntu is fairly straightforward.
Perform the following steps as root or user with sudo privileges to install and enable SSH on your Ubuntu system:
-
Open the terminal with
Ctrl+Alt+T
and install theopenssh-server
package:sudo apt update
sudo apt install openssh-server
When prompted, enter your password and press Enter to continue with the installation.
-
Once the installation is complete, the SSH service will start automatically. You can verify that SSH is running by typing:
sudo systemctl status ssh
The output should tell you that the service is running and enabled to start on system boot:
● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2020-06-01 12:34:00 CEST; 9h ago ...
Press
q
to get back to the command line prompt. -
Ubuntu ships with a firewall configuration tool called UFW. If the firewall is enabled on your system, make sure to open the SSH port:
sudo ufw allow ssh
That’s it! You can now connect to your Ubuntu system via SSH from any remote machine. Linux and macOS systems have SSH clients installed by default. To connect from a Windows machine, use an SSH client such as PuTTY.
Connecting to the SSH Server
To connect to your Ubuntu machine over LAN invoke the ssh command followed by the username and the IP address in the following format:
ssh username@ip_address
username
with the actual user name and ip_address
with the IP Address of the Ubuntu machine where you installed SSH.If you don’t know your IP address you can easily find it using the ip
command:
ip a
As you can see from the output, the system IP address is 10.0.2.15
.
Once you’ve found the IP address, log in to remote machine by running the following ssh
command:
ssh [email protected]
When you connect the first time, you will see a message like this:
The authenticity of host '10.0.2.15 (10.0.2.15)' can't be established.
ECDSA key fingerprint is SHA256:Vybt22mVXuNuB5unE++yowF7lgA/9/2bLSiO3qmYWBY.
Are you sure you want to continue connecting (yes/no)?
Type yes
and you’ll be prompted to enter your password.
Warning: Permanently added '10.0.2.15' (ECDSA) to the list of known hosts.
[email protected]'s password:
Once you enter the password, you will be greeted with the default Ubuntu message:
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-26-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
...
You are now logged in to your Ubuntu machine.
Connecting to SSH behind NAT
To connect to your home Ubuntu machine over the Internet you will need to know your public IP Address and to configure your router to accept data on port 22 and send it to the Ubuntu system where the SSH is running.
To determine the public IP address of the machine you’re trying to SSH to, simply visit the following URL: https://api.ipify.org
.
When it comes to setting up port forwarding, each router has a different way to setup port forwarding. You should consult your router documentation about how to set up port forwarding. In short, you need to enter the port number where requests will be made (Default SSH port is 22) and the private IP address you found earlier (using the ip a
command) of the machine where the SSH is running.
Once you’ve found the IP address, and configured your router you can log in by typing:
ssh username@public_ip_address
If you are exposing your machine to the Internet it is a good idea to implement some security measures. The most basic one is to configure your router to accept SSH traffic on a non-standard port and to forward it to port 22 on the machine running the SSH service.
You can also set up an SSH key-based authentication and connect to your Ubuntu machine without entering a password.
Disabling SSH on Ubuntu
To disable the SSH server on your Ubuntu system, simply stop the SSH service by running:
sudo systemctl disable --now ssh
Later, to re-enable it, type:
sudo systemctl enable --now ssh
Conclusion
We’ve shown you how to install and enable SSH on your Ubuntu 20.04. You can now login to your machine and perform everyday sysadmin tasks through the command prompt.
If you are managing multiple systems, you can simplify your workflow by defining all of your connections in the SSH config file. Changing the default SSH port adds an extra layer of security to your system, by reducing the risk of automated attacks.
For more information about how to configure your SSH server, read the Ubuntu’s SSH/OpenSSH/Configuring guide and the official SSH manual page.
If you have any questions, please leave a comment below.