Knowledge   Freebies   Learning   Domain   Posts   Tags

Contents

How to Config SSH Server on Ubuntu

   546 words   3 minutes 

Ubuntu SSH Server Configuration

1. Environment

Server:

1
2
3
4
5
6

lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.5 LTS
Release:	18.04
Codename:	bionic

Client: Macbook Pro

2. Install Open SSH Server

Check ssh client (installed by default on Ubuntu 18.04 TLS)

1
2
3

$ dpkg -l | grep ssh
ii  libssh-4:amd64                             0.8.0~20170825.94fa1e38-1ubuntu0.7               amd64        tiny C SSH library (OpenSSL flavor)
ii  openssh-client                             1:7.6p1-4ubuntu0.3                               amd64        secure shell (SSH) client, for secure access to remote machines

Install SSH server

1

$ sudo apt-get install openssh-server

Then check installation.

1
2
3
4
5
6

$ dpkg -l | grep ssh
ii  libssh-4:amd64                             0.8.0~20170825.94fa1e38-1ubuntu0.7               amd64        tiny C SSH library (OpenSSL flavor)
ii  openssh-client                             1:7.6p1-4ubuntu0.3                               amd64        secure shell (SSH) client, for secure access to remote machines
ii  openssh-server                             1:7.6p1-4ubuntu0.3                               amd64        secure shell (SSH) server, for secure access from remote machines
ii  openssh-sftp-server                        1:7.6p1-4ubuntu0.3                               amd64        secure shell (SSH) sftp server module, for SFTP access from remote machines
ii  ssh-import-id                              5.7-0ubuntu1.1                                   all          securely retrieve an SSH public key and install it locally

Check process.

1
2

$ ps -ax | grep ssh
 3089 ?        Ss     0:00 /usr/bin/ssh-agent /usr/bin/im-launch env GNOME_SHELL_SESSION_MODE=ubuntu gnome-session --session=ubuntu

3. Configure ssh daemon

Change /etc/ssh/sshd_config.

PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
  • PermitRootLogin: “no” for prohibiting SSH root login.
  • PubkeyAuthentication: “yes” for permitting SSH public key authentication
  • PasswordAuthentication: “no” for prohibiting password authentication
  • PermitEmptyPasswords: “no” for prohibiting blank password when turn on password authentication

4. Open ports

Ubuntu 18.04 LTS closes ports by default. Using utf(Uncomplicated FireWall), open the port for SSH.

1
2
3
4
5

$ sudo ufw enable # Enable firewall
$ sudo ufw status # Check open port
$ sudo ufw allow 22
$ sudo ufw reload
$ sudo ufw status # Check open port again

5. Set static IP address

Ubuntu 18.04 supports network configuration at yaml files at /etc/netplan/. (ex. /etc/netplan/01-network-manager-all.yaml).

Define ethernets section at 01-network-manager-all.yaml

# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    enp3s0:
      addresses: [192.168.0.18/24, 'xxxx:3b:xxxx:2:xxxx:xxxx:xxxx:xxxx/64'] # Mac address is on `ifconfig -a`
      gateway4: 192.168.0.1
      nameservers:
        addresses: [192.168.0.1, 8.8.8.8, 8.8.4.4]

For checking network configuration, I installed net-tools and run ifconfig -a.

Apply updated configuration.

1

$ sudo netplan apply

6. Configure SSH key

6.1. Server

At server, generate SSH key.

1

$ ssh-keygen -t rsa

I setup pass phrase for SSH key file this time.

6.2. Client

6.2.1. authorized_keys

Then sent a public key (id_rsa_xxx.pub) to client and add that to ${HOME}/.ssh/authorized_keys

1

cat id_rsa_xxx.pub >> ~/.ssh/authorized_keys

6.2.2. .ssh/config

Add server host to ~/.ssh/config

Host 92.168.0.18
    Hostname ubuntu01
    User xxxx
    Port 22
    IdentityFile ~/.ssh/id_rsa_xxx_202105

Then I could login to server to client by:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17

$ ssh [email protected]
Welcome to Ubuntu 18.04.5 LTS (GNU/Linux 5.4.0-70-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/advantage

 * Canonical Livepatch is available for installation.
   - Reduce system reboots and improve kernel security. Activate at:
     https://ubuntu.com/livepatch

0 個のパッケージがアップデート可能です。
0 of these updates are security updates.

Your Hardware Enablement Stack (HWE) is supported until April 2023.
Last login: Thu May  6 13:51:33 2021 from 192.168.0.11
[email protected]:~$

References

Updated on 2022-01-26
 Learning
Back | Home