SSH, or Secure Shell, is a protocol used to securely log onto remote systems. It is the most common way to access remote Linux and Unix-like servers, such as VPS instances. In this guide, we will discuss how to use SSH to connect to a remote system I’ll be logged in as root.
Set up SSH server on Ubuntu 16.04
Step 1 – Update repositories.
Step 2 – Install SSH Server
Step 3 – After installation I will show how to configure ssh server. Open ssh config file with the following command:
Step 4 – If you want to change ssh port you have to find ‘Port’ line and change the number of the port. For example I will change to 22222.
Step 5 – I will set max login attempts to be 3. After 3 wrong login attempts you will disconect. This is very important for security of your server and this can be used for prevention from brute force attack (see my Theme 4). Add this line bellow Port:
Step 6 – Allow certain users to login on your server and deny all other users. I will add ‘zimbra’ users because my Zimbra Mail Serve should have access. For more information about Zimbra Mail Server configuration read theme 12. Add the following line at the end of the file and after that save the file /etc/ssh/sshd_config.
Step 7 – Restart ssh service with the following command:
Step 8 – Show ssh status with systemctl status ssh
Now only this two users will have access to your server.
I will show you How To Configure SSH Key-Based Authentication on a Linux Server
In my opinion this is the best way to protect from unauthorised access to your server. Unfortunately this is not the most convenient one, because you have to bring the key with you. My advice is to use the configuration shown above.
Step 9 – Create folder, change permission and navigate to new folder with the following commands:
Step 10 – Create folder, change permission and navigate to new folder with the following commands:
Step 11 – Show new files.
Step 12 – Generate Keys – If you ‘Enter passphrase’ you must remember it and use it in the following steps:
Step 13 – Append the public key to authorized_keys and remove the uploaded copy.
Step 14 – Edit the ssh server config file with nano /etc/ssh/sshd_config to make sure that public key authentication is enabled (it should be enabled by default):
Step 15 – These entries must be set to YES.
Step 16 – The following settings should be set to NO:
Step 17 – Restart ssh service with the following command:
Step 18 – Now you must get private key code.
Step 19 – Paste in notepad and save without extension
Step 20 – When you connect to your server you must browse your ‘id_rsa.ppk’ file in putty.