Secure Shell (SSH) is a network protocol used for secure communication between a client and a server. Every communication between server and client is encrypted.
This article explains how to enable SSH on an Ubuntu machine.
Enabling SSH will allow you to remotely connect to your system and perform administrative tasks. You will also be able to transfer files securely via scp and sftp.
Enabling SSH on Ubuntu
By default, when you first install Ubuntu, remote SSH access is denied. Enabling SSH on Ubuntu is pretty straightforward.
Follow these steps as root or user with sudo privileges to install and enable SSH on your Ubuntu system:
- Open a terminal with Ctrl + Alt + T and install the openssh-server package:
sudo apt update sudo apt install openssh-server
When prompted, enter your password and press Enter to proceed with the installation.
- After the installation is complete, the SSH service will start automatically. You can check if SSH is working by typing:
sudo systemctl status ssh
The output should indicate that the service is started and enabled on system boot:
● ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2020-06-01 12:34:00 CEST; 9h ago ...
Press q to return to the command line prompt.
- Ubuntu comes with a firewall configuration utility called UFW. If your system has a firewall enabled, be sure to open the SSH port:
sudo ufw allow ssh
All! You can now connect to your Ubuntu system via SSH from any remote computer. SSH clients are installed by default on Linux and macOS systems. To connect from a Windows computer, use an SSH client such as PuTTY.
Connecting to SSH Server
To connect to your Ubuntu machine over a local network, invoke the ssh command followed by the username and IP address in the following format:
ssh [email protected]_address
Make sure you change the username and ip_address of the Ubuntu machine on which you installed SSH.
If you don’t know your IP address, you can easily find it using the ip command:
Once you find the IP address, log into the remote computer by running the following ssh command:
When you connect for the first time, you will see the following message:
The authenticity of host '10.0.2.15 (10.0.2.15)' can't be established. ECDSA key fingerprint is SHA256:Vybt22mVXuNuB5unE++yowF7lgA/9/2bLSiO3qmYWBY. Are you sure you want to continue connecting (yes/no)?
Enter yes and you will be prompted for a password.
Warning: Permanently added '10.0.2.15' (ECDSA) to the list of known hosts. [email protected]'s password:
After you enter your password, you will be greeted with the default Ubuntu message:
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-26-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage ...
You are logged in to your Ubuntu machine.
Connecting to SSH after NAT
To connect to your Ubuntu home machine over the Internet, you need to know your public IP address and configure your router to accept data on port 22 and send it to the Ubuntu system where SSH is running.
In order to determine the public IP address of the computer that you are trying to SSH to, simply go to the following link: https://api.ipify.org.
When it comes to setting up port forwarding, every router has its own way of setting up port forwarding. You should consult your router documentation on how to set up port forwarding. In short, you need to enter the port number where requests will go (by default SSH port is 22) and the private IP address that you found earlier (using the ip command) of the computer that is running SSH.
After finding the IP address and configuring the router, you can log in by typing:
ssh username[email protected]_ip_address
If you are connecting your machine to the Internet, it is recommended that you take some security measures. The easiest way is to configure your router to accept SSH traffic on a non-standard port and forward it to port 22 on the computer that is running the SSH service.
You can also set up SSH key based authentication and connect to your Ubuntu machine without entering a password.
Disable SSH in Ubuntu
To disable the SSH server on your Ubuntu system, simply stop the SSH service by running:
sudo systemctl disable --now ssh
Later, to enable it, enter:
sudo systemctl enable --now ssh
We showed you how to install and enable SSH on your Ubuntu 20.04. You can now log in to your computer and perform the day to day tasks of the system administrator through the command line.
If you are managing multiple systems, you can simplify your workflow by defining all of your connections in an SSH config file. Changing the default SSH port adds an extra layer of security to your system, reducing the risk of automated attacks.
If you have any questions, please leave a comment below.