Ubuntu 16.04 LTS – How To Install and Configure SSH

SSH, or Secure Shell, is a protocol used to securely log onto remote systems. It is the most common way to access remote Linux and Unix-like servers, such as VPS instances. In this guide, we will discuss how to use SSH to connect to a remote system I’ll be logged in as root.

Set up SSH server on Ubuntu 16.04

Step 1 – Update repositories.

root@mail:/# apt-get update
root@mail:/# apt-get upgrade

Step 2 – Install SSH Server

root@mail:/# apt-get install openssh-server

Basic Configuration

Step 3 – After installation I will show how to configure ssh server. Open ssh config file with the following command:

root@mail:/# nano /etc/ssh/sshd_config

Step 4 – If you want to change ssh port you have to find ‘Port’ line and change the number of the port. For example I will change to 22222.

Port 22222

Step 5 – I will set max login attempts to be 3. After 3 wrong login attempts you will disconect. This is very important for security of your server and this can be used for prevention from brute force attack (see my Theme 4). Add this line bellow Port:

MaxAuthTries 3

Step 6 – Allow certain users to login on your server and deny all other users. I will add ‘zimbra’ users because my Zimbra Mail Serve should have access. For more information about Zimbra Mail Server configuration read theme 12. Add the following line at the end of the file and after that save the file /etc/ssh/sshd_config.

AllowUsers mslavov zimbra

Step 7 – Restart ssh service with the following command:

root@mail:/# systemctl restart ssh


root@mail:/# service ssh restart

Step 8 – Show ssh status with systemctl status ssh

Now only this two users will have access to your server.

Advanced Configuration

I will show you How To Configure SSH Key-Based Authentication on a Linux Server

In my opinion this is the best way to protect from unauthorised access to your server. Unfortunately this is not the most convenient one, because you have to bring the key with you. My advice is to use the configuration shown above.

Step 9 – Create folder, change permission and navigate to new folder with the following commands:

root@mail:/# mkdir .ssh/; chmod 700 .ssh/; cd .ssh/;

Step 10 – Create folder, change permission and navigate to new folder with the following commands:

root@mail:/.ssh# touch authorized_keys; chmod 600 authorized_keys

Step 11 – Show new files.

root@mail:/.ssh# ls -ltra

Step 12 – Generate Keys – If you ‘Enter passphrase’ you must remember it and use it in the following steps:

Step 13 – Append the public key to authorized_keys and remove the uploaded copy.

root@mail:/.ssh# cat id_rsa.pub >> authorized_keys

Step 14 – Edit the ssh server config file with nano /etc/ssh/sshd_config to make sure that public key authentication is enabled (it should be enabled by default):

root@mail:/.ssh# nano /etc/ssh/sshd_config

Step 15 – These entries must be set to YES.

RSAAuthentication yes
PubkeyAuthentication yes

Step 16 – The following settings should be set to NO:

ChallengeResponseAuthentication no
PasswordAuthentication no
UsePAM no

Step 17 – Restart ssh service with the following command:

root@mail:/.ssh# service ssh restart

Step 18 – Now you must get private key code.

root@mail:/.ssh# nano /root/.ssh/id_rsa

Step 19 – Paste in notepad and save without extension

Step 20 – When you connect to your server you must browse your ‘id_rsa.ppk’ file in putty.

7 ThemeHow to install and configure Samba Server with FULL AUDIT on Ubuntu (Server)14.04 LTS Step-by-Step

Leave a Reply

Your email address will not be published. Required fields are marked *