One of Linux’s more useful features is its ability to permit secure, encrypted remote access. Secure Shell technology (SSH) permits you to control a remote computer without having actual physical access to the machine. SSH’s network traffic is encrypted, and assuming you configure SSH correctly, quite secure. Ubuntu Linux has always had strong support for SSH, and Lucid Lynx 10.04 is no different. You can use an SSH implementation called OpenSSH Server to remotely, securely access your machine.
Here’s how to install and perform a basic security configuration of OpenSSH Server on Ubuntu 10.04 Lucid Lynx.
First, you’ll need to install OpenSSH Server. To do so, open up a Terminal window and type the following command:
sudo apt-get install openssh-server
apt-get will then download and install OpenSSH Server. Depending upon the speed of your computer and Internet connection, the installation may take several minutes.
Once the installation has finished, return to the Terminal. We’ll need to make a few changes to your /etc/ssh/sshd_config file in order to increase SSH’s security. First, however, we’ll want to make a backup copy of your sshd_config file in case anything goes wrong. Type this command into the Terminal:
sudo cp /etc/ssh/sshd_config ~
This will make a backup copy of the sshd_config file in your home directory.
Next, we’ll need to edit the sshd_config file itself:
sudo gedit /etc/ssh/sshd_config
(Obviously you can use vi or emacs or the editor of your choice instead, though newer Linux users tend to find gedit’s GUI easier to use.)
Once you’re editing the file, you’ll want to add the following two directives to the end of the file:
PermitRootLogin no will block root from logging in via SSH. It’s best to never enable root SSH access, since if an attacker happens to figure out the root password, he or she will have total remote control over your system.
AllowUsers adds an additional layer of protection by only allowing specific users to connect via SSH. For instance, if you wanted only users test1 and test2 to have SSH access, you would set AllowUsers as AllowUsers test1 test2.
You may also want to consider changing the Ports directive. By default SSH runs over TCP/IP port 22, which means that any malware bot autoscanning port 22 can target it. Changing the Ports directive to something different will make SSH run over a different, blocking some of those automated cracking attempts.
Once you have finished changing your settings, save the sshd_config file, and restart the SSH daemon with this command:
sudo /etc/init.d/ssh restart
You should now be able to SSH into your Ubuntu Lucid Lynx machine from another system with an SSH client.