How to Set Up a Secure SSH Server on Ubuntu: A Step-by-Step Guide

How to Install Kali Linux: A Step-by-Step Guide
How to Install Kali Linux: A Step-by-Step Guide

In today’s connected world, secure remote access to servers is crucial for system administrators, developers, and cybersecurity professionals. One of the most commonly used methods for this is SSH (Secure Shell), a network protocol that provides secure access over unsecured networks. Setting up a secure SSH server on Ubuntu helps you manage your server remotely, whether it’s for software development, maintenance, or security purposes.

In this guide, we’ll walk you through the process of setting up and securing an SSH server on Ubuntu, with clear, step-by-step instructions. By the end, you’ll have a fully functional and secure SSH environment that’s ready for use.

What Is SSH and Why Is It Important?

SSH, or Secure Shell, is a cryptographic network protocol designed to enable secure communication over an unsecured network. It is most often used for:

  • Remote server access: Allows system administrators to log into servers securely.
  • File transfers: Using SCP (Secure Copy) or SFTP (SSH File Transfer Protocol).
  • Running commands remotely: Admins can manage servers without needing physical access.

SSH is critical because it encrypts data, making it nearly impossible for malicious actors to intercept passwords, commands, or data being transmitted. For any Linux-based server, setting up SSH is one of the first tasks, and securing it is equally important.

Prerequisites

Before setting up the SSH server, ensure you meet the following requirements:

  1. A running Ubuntu system: This guide is based on Ubuntu 20.04, but the steps should be similar for other versions.
  2. Root or sudo access: You’ll need administrative privileges to install and configure SSH.
  3. An internet connection: Required for downloading and installing the necessary packages.

Step 1: Install SSH Server on Ubuntu

By default, SSH might not be installed on your Ubuntu system. You can install it easily by following these steps:

  1. Update the package list:
    Start by updating the package repository to ensure that you have the latest versions available.
   sudo apt update
  1. Install the OpenSSH server:
    The OpenSSH server package provides the SSH protocol functionality. To install it, run the following command:
   sudo apt install openssh-server
  1. Check the SSH service status:
    Once installed, you can check if SSH is running using:
   sudo systemctl status ssh

If it’s running, you should see a message indicating that the service is active. If not, start the SSH service with:

sudo systemctl start ssh

Step 2: Basic SSH Server Configuration

Now that SSH is installed and running, it’s time to configure it. The main configuration file for the SSH server is located at /etc/ssh/sshd_config. To make changes, you’ll need to edit this file:

  1. Open the configuration file:
   sudo nano /etc/ssh/sshd_config
  1. Set the port number (optional):
    By default, SSH runs on port 22, which is well known and often targeted by attackers. To enhance security, you can change the port number to something less common:
   Port 2222

This change reduces the chances of automated attacks that target default ports.

  1. Disable root login:
    Logging in as the root user over SSH is a significant security risk. You can disable it by finding the line:
   PermitRootLogin yes

And changing it to:

   PermitRootLogin no
  1. Limit user access:
    If you want only certain users to be able to access your server via SSH, you can specify which users are allowed to log in by adding:
   AllowUsers username1 username2
  1. Save and exit:
    After making the changes, save the file by pressing Ctrl + X, followed by Y, and then press Enter.
  2. Restart the SSH service:
    For the changes to take effect, restart the SSH server:
   sudo systemctl restart ssh

Step 3: Secure SSH with Key-Based Authentication

Password-based authentication, while convenient, is less secure than key-based authentication. SSH keys are more resistant to brute force attacks and provide an added layer of security.

Step 3.1: Generate SSH Key Pair

To use key-based authentication, you first need to generate a pair of keys (private and public). Here’s how you can generate them:

  1. On the client machine, open a terminal and run the following command:
   ssh-keygen -t rsa -b 4096

You will be prompted to choose a location to save the key and to set a passphrase for additional security.

  1. Copy the public key to the Ubuntu server using:
   ssh-copy-id username@server_ip_address

Replace username and server_ip_address with your actual login details. This command will add the public key to the server’s ~/.ssh/authorized_keys file.

Step 3.2: Disable Password-Based Authentication

Once you have SSH key authentication working, it’s a good idea to disable password-based authentication entirely:

  1. Open the SSH configuration file:
   sudo nano /etc/ssh/sshd_config
  1. Find the line PasswordAuthentication yes and change it to:
   PasswordAuthentication no
  1. Save the file and restart the SSH service:
   sudo systemctl restart ssh

Now, your server will only accept SSH key-based logins, which makes it significantly more secure.

Step 4: Additional Security Tips

Securing your SSH server doesn’t end with key-based authentication. Here are a few additional tips to further harden your setup:

  1. Enable UFW (Uncomplicated Firewall):
    Ubuntu comes with a built-in firewall tool called UFW. You can enable it and allow your chosen SSH port:
   sudo ufw allow 2222/tcp
   sudo ufw enable
  1. Use Fail2Ban:
    Fail2Ban is a tool that monitors SSH logs for failed login attempts and bans IPs that appear to be engaging in brute force attacks.
   sudo apt install fail2ban

Once installed, it automatically protects your server.

  1. Limit login attempts:
    Another option is to limit the number of SSH login attempts to reduce the risk of brute force attacks. You can adjust the settings by adding this line to your SSH configuration file:
   MaxAuthTries 3

Conclusion

Setting up a secure SSH server on Ubuntu is an essential step for managing your server remotely. By following this guide, you’ve not only learned how to install and configure SSH, but also how to enhance its security using best practices like key-based authentication, custom ports, and limiting user access.

Remember, security is an ongoing process. Regularly review your SSH configurations, apply updates, and stay informed about new vulnerabilities. With a secure SSH setup, you can confidently manage your Ubuntu server from anywhere while minimizing security risks.


Leave a Comment