- Published on : 08 March 2014 at 19:32 UTC
- By Lionel Eppe
- Define a static IP address
- Updating the package list
- Install SSH server (openssh-server)
- Configuring the SSH Server (Optional)
- Secure yout SSH server
- Connect to the server via SSH
- Enable the firewall
Since our Ubuntu machine will act as server, it's strongly recommended him to set a static IP address.
To do this, read our tutorial "Ubuntu - Define a private static IP address".
For safety, we put first update the package list and then to retrieve the latest version of the SSH server.
sudo apt-get update
Instal the SSH server.
sudo apt-get install openssh-server
Now that the SSH server is installed, you can remotely connect to your Ubuntu machine via accounts enabled on this machine.
By default, the root account is disabled in Ubuntu but it can be used for SSH connection if it is enabled.
To enable the root account, follow our tip "Ubuntu - Enable the root account".
To configure the SSH server, you must edit the configuration file "sshd_config" found in the file "/etc/ssh/".
Locate the "Authentication" and change if necessary the 2 following informations :
# The time a user has to log on after this time the server will cut the connection.
# If you want to disable this period and allow the user to take his time, he must set this parameter to 0
# The default is 120 seconds (2 minutes) LoginGraceTime 120 # Allow or disallow the use of the root account for SSH connection
# Prevent use the root account for the connection may be a safety measure to prevent a hacker connects remotely with this account and have all the rights on the Ubuntu server. PermitRootLogin yes # To enable connection to the server using the root account without a password, you must set the parameter above to "without-password".
# WARNING: The root account has full rights on your server and the user logs in with that account can therefore do whatever he wants.
# This parameter is used only during testing but it should never be used in production. PermitRootLogin without-password
To secure SSH, we recommend that you change the server port and prohibit the use of the root account (which has the power of life and death on your server) to connect to the server through SSH.
To do this, create a new user :
Then, enable root account on the server to use it using the command "su -".
Then, edit the configuration file "/etc/ssh/sshd_config" of the SSH server, like this :
# Change the port of the server (as everyone knows) Port 2222 # Disable the connection with the root user PermitRootLogin no # And add a list of authorized users (separated by a space) AllowUsers informatiweb
Finally, restart the ssh server to reflect the changes.
sudo service ssh restart
To connect to the SSH server, nothing more simple. Simply download an SSH client for your operating system and connect to your server by its IP address (or domain name if applicable). Then log in with the accounts of the Ubuntu server or the root account if you have allowed in the configuration of the SSH server (by default its use is permitted by the SSH server, but the account is disabled in Ubuntu).
# Login ssh email@example.com # Logout exit
If you want to enable the firewall Ubuntu, make sure to allow the SSH server in the firewall before activating.
Otherwise, your SSH connection will be terminated and you will not know to access your server remotely.
To know the name of an application, just type the following command :
sudo ufw app list
Now you know that the SSH server is called "OpenSSH". To allow this, type this :
sudo ufw allow "OpenSSH"
To be sure that "OpenSSH" is authorized, simply retype the command above. Ubuntu you should now see this :
Missed adding the existing rule
Missed adding the existing rule (v6)
You can now activate the firewall using the command :
sudo ufw enable
If you use this command remotely via your SSH connection, you will need to meet more "y" to the following question :
The command can interrupt existing ssh connections. Perform the operation (y|n) ?