Basic SSH Setup On Ubuntu 10.04 Lucid Lynx Using OpenSSH Server



One of Linux’s more useful features is its ability to permit secure, encrypted remote access. Secure Shell technology (SSH) permits you to control a remote computer without having actual physical access to the machine. SSH’s network traffic is encrypted, and assuming you configure SSH correctly, quite secure.  Ubuntu Linux has always had strong support for SSH, and Lucid Lynx 10.04 is no different. You can use an SSH implementation called OpenSSH Server to remotely, securely access your machine.

Here’s how to install and perform a basic security configuration of OpenSSH Server on Ubuntu 10.04 Lucid Lynx.

First, you’ll need to install OpenSSH Server. To do so, open up a Terminal window and type the following command:

sudo apt-get install openssh-server

apt-get will then download and install OpenSSH Server. Depending upon the speed of your computer and Internet connection, the installation may take several minutes.

Once the installation has finished, return to the Terminal. We’ll need to make a few changes to your /etc/ssh/sshd_config file in order to increase SSH’s security. First, however, we’ll want to make a backup copy of your sshd_config file in case anything goes wrong. Type this command into the Terminal:

sudo cp /etc/ssh/sshd_config ~

This will make a backup copy of the sshd_config file in your home directory.

Next, we’ll need to edit the sshd_config file itself:

sudo gedit /etc/ssh/sshd_config

(Obviously you can use vi or emacs or the editor of your choice instead, though newer Linux users tend to find gedit’s GUI easier to use.)

Once you’re editing the file, you’ll want to add the following two directives to the end of the file:

PermitRootLogin no

AllowUsers USERNAME

PermitRootLogin no will block root from logging in via SSH. It’s best to never enable root SSH access, since if an attacker happens to figure out the root password, he or she will have total remote control over your system.

AllowUsers adds an additional layer of protection by only allowing specific users to connect via SSH. For instance, if you wanted only users test1 and test2 to have SSH access, you would set AllowUsers as AllowUsers test1 test2.

You may also want to consider changing the Ports directive. By default SSH runs over TCP/IP port 22, which means that any malware bot autoscanning port 22 can target it. Changing the Ports directive to something different will make SSH run over a different, blocking some of those automated cracking attempts.

Once you have finished changing your settings, save the sshd_config file, and restart the SSH daemon with this command:

sudo /etc/init.d/ssh restart

You should now be able to SSH into your Ubuntu Lucid Lynx machine from another system with an SSH client.

-JM

ADDITIONAL READING:

The Ubuntu Beginner’s Guide

The Ubuntu Desktop Beginner’s Guide.

This entry was posted in Linux. Bookmark the permalink.

25 Responses to Basic SSH Setup On Ubuntu 10.04 Lucid Lynx Using OpenSSH Server

  1. srinivas says:

    I just installed ubuntu 10.04 on my PC and found SSH server is not install on my PC. i also tried running # sudo apt-get install openssh_server command; but this is not working. can anyone suggest me how to setup SSH on my PC.

  2. ELReyLInux says:

    I think you have the command wrong. It’s # sudo apt-get install openssh-server.

  3. Jack Hammer says:

    @srinivas

    Make sure you’re typing it correctly:

    openssh-server (hyphen–not underscore)

    Hope that helps.

  4. WillB says:

    Worked great for me! Thanks! I also appreciate the SSH security warning info. That alone gives me extra work to go back and do on may things…

  5. Jonathan Moeller says:

    Glad it helped!

  6. Bryce says:

    Thanks for this Jonathan! Not even my Linux-confident nerd friend knew how to set this up properly :)

  7. Max says:

    When i use sudo gedit /etc/ssh/sshd_config

    i’ve got this message:
    (gedit:1898): Gtk-WARNING **: cannot open display:

    any clue of what that mean?

    Max

  8. elijahmuha says:

    Thanks so much. This worked flawlessly for me!

  9. Mike Miller says:

    Max,

    It means that you aren’t running in graphics mode. Gedit is a graphical text editor.

    Start graphics mode or use a terminal editor like nano or vim to edit the file.

  10. Dipp says:

    Hi!

    thanks for this guide however when i try to login via ssh, my password is not being accepted.

    i followed the allowusers user1 user2.
    passwords are correctly typed.

    any info is much appreciated.

  11. Dipp says:

    Hello again. I just checked the account settings..the logins account i set for ssh were under Custom, i can see also in the advanced settings that there is an SSH option for the main group. ill try this again later on.

    thanks!

  12. Brad says:

    A VERY good walkthrough and explanation. It worked perfectly, and I even learned a bit about SSH security. Thanks a ton!

  13. anil-bhu says:

    thank u it wrked well

  14. Cliff says:

    Dude,
    after searching for a decent noob tutorial on SSH, I stumbled upon yours. Just fracking awesome. you made it simple. thank you very much.

  15. Pat says:

    I cannot get this to work I did all the above but still cannot

  16. bryan says:

    Everything worked great. Thanks Jonathan.

  17. alex says:

    When I try to change the ssh_config it says I don’t have permission to do this. The permissions are set to allow me to read/write, any ideas?

  18. Jonathan Moeller says:

    Try using it with sudo. If that doesn’t work, you need an account in the admin group.

  19. Miles says:

    As stated above, gedit is a graphical text editor. Open as root with gksudo gedit…

  20. Pingback: Learning Deployment - The Rails Way techBlog | techBlog

  21. Pingback: If your Linux-based PC with NVIDIA graphics started booting to a black screen or text only, here is the fix — maybe! « The Michigan Telephone blog

  22. Pingback: Basic SSH Setup On Ubuntu 10.04 Lucid Lynx Using OpenSSH Server « 海天一色網誌

  23. akhil says:

    I have ubuntu on a virtual machine. Can you direct me on how shall i go about establishing ssh connection in such a case.

  24. Jonathan Moeller says:

    I think the best thing to do would be to set up your virtual machine to use a bridged network adapter (so it gets an IP address on the same network segment as your host machine), and then set up the virtual machine as a typical SSH server.

  25. Pingback: Андрей Каплуненко » Включаем Remote Desktop в Ubuntu 10.10