One of Linux’s more useful features is its ability to permit secure, encrypted remote access. Secure Shell technology (SSH) permits you to control a remote computer without having actual physical access to the machine. SSH’s network traffic is encrypted, and assuming you configure SSH correctly, quite secure. Ubuntu Linux has always had strong support for SSH, and Lucid Lynx 10.04 is no different. You can use an SSH implementation called OpenSSH Server to remotely, securely access your machine.
Here’s how to install and perform a basic security configuration of OpenSSH Server on Ubuntu 10.04 Lucid Lynx.
First, you’ll need to install OpenSSH Server. To do so, open up a Terminal window and type the following command:
sudo apt-get install openssh-server
apt-get will then download and install OpenSSH Server. Depending upon the speed of your computer and Internet connection, the installation may take several minutes.
Once the installation has finished, return to the Terminal. We’ll need to make a few changes to your /etc/ssh/sshd_config file in order to increase SSH’s security. First, however, we’ll want to make a backup copy of your sshd_config file in case anything goes wrong. Type this command into the Terminal:
sudo cp /etc/ssh/sshd_config ~
This will make a backup copy of the sshd_config file in your home directory.
Next, we’ll need to edit the sshd_config file itself:
sudo gedit /etc/ssh/sshd_config
(Obviously you can use vi or emacs or the editor of your choice instead, though newer Linux users tend to find gedit’s GUI easier to use.)
Once you’re editing the file, you’ll want to add the following two directives to the end of the file:
PermitRootLogin no
AllowUsers USERNAME
PermitRootLogin no will block root from logging in via SSH. It’s best to never enable root SSH access, since if an attacker happens to figure out the root password, he or she will have total remote control over your system.
AllowUsers adds an additional layer of protection by only allowing specific users to connect via SSH. For instance, if you wanted only users test1 and test2 to have SSH access, you would set AllowUsers as AllowUsers test1 test2.
You may also want to consider changing the Ports directive. By default SSH runs over TCP/IP port 22, which means that any malware bot autoscanning port 22 can target it. Changing the Ports directive to something different will make SSH run over a different, blocking some of those automated cracking attempts.
Once you have finished changing your settings, save the sshd_config file, and restart the SSH daemon with this command:
sudo /etc/init.d/ssh restart
You should now be able to SSH into your Ubuntu Lucid Lynx machine from another system with an SSH client.
-JM
ADDITIONAL READING:
I just installed ubuntu 10.04 on my PC and found SSH server is not install on my PC. i also tried running # sudo apt-get install openssh_server command; but this is not working. can anyone suggest me how to setup SSH on my PC.
I think you have the command wrong. It’s # sudo apt-get install openssh-server.
@srinivas
Make sure you’re typing it correctly:
openssh-server (hyphen–not underscore)
Hope that helps.
Worked great for me! Thanks! I also appreciate the SSH security warning info. That alone gives me extra work to go back and do on may things…
Glad it helped!
Thanks for this Jonathan! Not even my Linux-confident nerd friend knew how to set this up properly
When i use sudo gedit /etc/ssh/sshd_config
i’ve got this message:
(gedit:1898): Gtk-WARNING **: cannot open display:
any clue of what that mean?
Max
Thanks so much. This worked flawlessly for me!
Max,
It means that you aren’t running in graphics mode. Gedit is a graphical text editor.
Start graphics mode or use a terminal editor like nano or vim to edit the file.
Hi!
thanks for this guide however when i try to login via ssh, my password is not being accepted.
i followed the allowusers user1 user2.
passwords are correctly typed.
any info is much appreciated.
Hello again. I just checked the account settings..the logins account i set for ssh were under Custom, i can see also in the advanced settings that there is an SSH option for the main group. ill try this again later on.
thanks!
A VERY good walkthrough and explanation. It worked perfectly, and I even learned a bit about SSH security. Thanks a ton!
thank u it wrked well
Dude,
after searching for a decent noob tutorial on SSH, I stumbled upon yours. Just fracking awesome. you made it simple. thank you very much.
I cannot get this to work I did all the above but still cannot
Everything worked great. Thanks Jonathan.
When I try to change the ssh_config it says I don’t have permission to do this. The permissions are set to allow me to read/write, any ideas?
Try using it with sudo. If that doesn’t work, you need an account in the admin group.
As stated above, gedit is a graphical text editor. Open as root with gksudo gedit…
Pingback: Learning Deployment - The Rails Way techBlog | techBlog
Pingback: If your Linux-based PC with NVIDIA graphics started booting to a black screen or text only, here is the fix — maybe! « The Michigan Telephone blog
Pingback: Basic SSH Setup On Ubuntu 10.04 Lucid Lynx Using OpenSSH Server « 海天一色網誌
I have ubuntu on a virtual machine. Can you direct me on how shall i go about establishing ssh connection in such a case.
I think the best thing to do would be to set up your virtual machine to use a bridged network adapter (so it gets an IP address on the same network segment as your host machine), and then set up the virtual machine as a typical SSH server.
Pingback: Андрей Каплуненко » Включаем Remote Desktop в Ubuntu 10.10