The ProtocolSSH(acronym forSecure) is the industry standard for secure remote access to Linux/Unix servers. This client-server protocol allows you to execute commands and manage remote files in total security. The demon responsible for this service is calledSSHDand, by default, stays listening ontCP port 22in operating systems like Ubuntu. Thanks to the powerful suiteOpenSSH, system administrators can permanently abandon obsolete and insecure protocols asrsh, telnetandftp, ensuring end-to-end encrypted communications immune to network interceptions.
Prepare Ubuntu
The very first operation to be performed beforeinstall SSH on Ubuntuis the update of the package listaptto the latest releases. This step guarantees stability and prevents software conflicts. Open the terminal and type the following command:
sudo apt update && sudo apt upgradeInstall SSH on Ubuntu
As a rule, the OpenSSH server package is not preinstalled on the Desktop versions of the operating system. We then proceed with manual installation by typing in the terminal:
sudo apt install openssh-serverThe system will start downloading and installing the necessary dependencies. Confirm by responding “Yes” (or “Y”) to the various system prompts to conclude the process.
Start SSH
Once the installation is finished, it is essential to enable and start the SSHD service in the background using the management toolsystemctl:
sudo systemctl enable --now sshAdding the key--nowis an extremely useful shortcut: it immediately starts the demon and, at the same time, enables it to start automatically at every restart of the system.
To ensure that the OpenSSH service is effectively enabled and functions without errors, make a quick state verification:
sudo systemctl status sshIf everything went well, the output will show the wordingActive: active (running). PressQon the keyboard to exit the status screen.
If you have to stop remote access to the server for maintenance or security reasons, you can easily disable the service like this:
sudo systemctl disable sshThis command disables the service and prevents it from automatically switching on the machine.
Configure firewall
Before attempting any external connection via SSH, you must check that the machine firewall is configured to accept incoming requests. For detailed information on safety criteria, see theubuntu official documentation on UFW.
In our case, we will use UFW (Uncomplicated Firewall), the Ubuntu standard. We carry out state control:
sudo ufw statusIn the output generated, you should confirm that SSH traffic is allowed (ALLOW). If you do not see rules for port 22 or for OpenSSH profile, you must allow incoming connections by entering this instruction:
sudo ufw allow sshConnect to the server
After configuring the daemon and firewall, your server is finally ready to receive connection requests from remote clients.
To establish the link, you will need three elements: the protocol, the IP address of the server (or its domain name) and the username enabled to access the remote server.
From the terminal of your local computer, type the command respecting the following syntax:
ssh username@indirizzo_IPAlternatively, if a valid web domain is associated with the server:
ssh username@dominioFAQ – Frequently Asked Questions about SSH and Ubuntu
1. What is the default port of SSH and why change it?
The default port assigned to the SSH protocol isTCP 22. Many system administrators and devOps prefer to change it by acting on the file/etc/ssh/sshd_config. Changing port is a useful strategy to evade automated network scans and mitigate access attemptsbrute-forceaddressed to standard services.
2. What is the substantial difference between SSH and Telnet?
The main difference is security.Telsends data packages (including username and password) in clear (plaintext), making them vulnerable to theft throughpacket sniffing. SSH, on the contrary, creates a virtual tunnel based on strong encryption, ensuring that no one can intercept or manipulate the traffic exchanged between client and server.
3. How can I increase the security of my OpenSSH server?
To arm your Ubuntu server, it is highly recommended to disable direct access to the administrator user by changing the directive inPermitRootLogin no. In addition, disable authentication by traditional password in favor of using apair of SSH cryptographic keys (public/private)ensures that only authorized computers with the correct certificate can login.
