How To Ssh In Ubuntu

How To Ssh In Ubuntu

Reading time1 min
#Ubuntu#SSH#Security#OpenSSH#Sysadmin#Linux

Mastering Secure SSH Access in Ubuntu: A Step-by-Step Guide

Forget hacking tutorials—this guide flips the script by focusing on bulletproof SSH setup practices that even seasoned sysadmins often overlook, transforming your Ubuntu server access from a vulnerability into your strongest security pillar.

Secure Shell (SSH) is the backbone for remote management of Ubuntu servers. Whether you’re a developer needing seamless control over your environment or a system administrator tasked with safeguarding critical infrastructure, mastering SSH access is non-negotiable. Improper SSH configuration can leave your server wide open to attack, while a well-hardened SSH setup provides a robust security foundation.

In this practical, step-by-step guide, you’ll learn how to set up and secure SSH access on an Ubuntu server—from installation through advanced hardening techniques—so you can confidently manage your systems without fear.

Step 1: Install and Confirm SSH Server on Ubuntu

If you’re running an Ubuntu server, the first step is to ensure OpenSSH Server is installed. It’s the standard tool that allows encrypted remote login.

sudo apt update
sudo apt install openssh-server

Once installed, check if the SSH service is running:

sudo systemctl status ssh

You should see active (running). If not, start it:

sudo systemctl start ssh

And enable it to launch at boot:

sudo systemctl enable ssh

Step 2: Connect via SSH – Basic Usage

From your local machine (Linux/macOS terminal or Windows PowerShell with OpenSSH), connect using:

ssh username@server_ip_address

For example:

ssh alice@192.168.1.50

You’ll be prompted for your user password on the remote machine.

Step 3: Set Up SSH Key-Based Authentication (Recommended)

Passwords are vulnerable to brute-force attacks. Key-based authentication is more secure and convenient once set up.

Generate an SSH key pair on your local machine:

ssh-keygen -t ed25519 -C "your_email@example.com"
  • Choose a strong passphrase.
  • By default, keys are saved to ~/.ssh/id_ed25519 (private) and ~/.ssh/id_ed25519.pub (public).

Copy the public key to your Ubuntu server:

ssh-copy-id username@server_ip_address

Alternatively, manually append the contents of your id_ed25519.pub file to ~/.ssh/authorized_keys on the server.

Test key login:

Now attempt login again:

ssh username@server_ip_address

If successful, it won’t ask for a password but may prompt for your key’s passphrase.

Step 4: Disable Password Authentication for Extra Security

Once key-based authentication works, improve security by disabling password logins entirely.

Edit the SSH daemon config file:

sudo nano /etc/ssh/sshd_config

Find and update these lines:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM no

Note: If you use PAM for other services, make sure “UsePAM no” won’t break them.

Save changes and restart SSH service:

sudo systemctl restart ssh

Now only machines with valid private keys can connect.

Step 5: Change Default SSH Port from 22 (Optional but Recommended)

Attackers often scan port 22 broadly; changing to a custom port reduces noise and automated attacks.

In /etc/ssh/sshd_config, find this line:

#Port 22

Uncomment it and choose another port number—e.g., 2222:

Port 2222

Restart SSH again:

sudo systemctl restart ssh

Remember to specify port when connecting later:

ssh -p 2222 username@server_ip_address

Adjust firewalls accordingly to allow traffic on your new port.

Step 6: Use Fail2ban or Similar Tools to Block Repeated Failed Logins

Brute-force attempts can still target your open ports. Install Fail2ban to automatically ban IPs showing malicious behavior.

sudo apt install fail2ban
sudo systemctl enable --now fail2ban

Fail2ban’s default configs monitor sshd logs and block repeat offenders via iptables automatically—a great hands-off layer of protection.

Step 7: Harden Your Server with Additional Tips

  • Limit user logins
    In /etc/ssh/sshd_config, add:

    AllowUsers alice bob   # only allow these users to SSH in

  • Disable root login
    Prevent direct root access:

    PermitRootLogin no

  • Set idle timeout
    Automatically disconnect inactive sessions:

    ClientAliveInterval 300   # seconds before checking client alive status 
ClientAliveCountMax 0     # drop connection after first failed check

  • Use strong ciphers only
    Modern OpenSSH versions default well but confirm or customize in the config:

    Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com

Wrapping Up

Mastering secure SSH access truly means going beyond just installing OpenSSH—you must think like an attacker and close all entry points while enabling efficient usage for yourself. Start with installing properly, shift away from password logins towards keys, lock down configuration options, monitor failed attempts automatically, and maintain good habits updating keys and software regularly.

Apply these best practices today on your Ubuntu servers; transform what could be a glaring vulnerability into an unbreakable gateway of control. Your next remote session will not just connect—it will securely connect.

Ready to level up? Experiment with multi-factor authentication (MFA) for SSH next or manage authorized keys at scale with tools like Ansible!

Related Articles

How To Install Openssh On Ubuntu

Mastering OpenSSH Installation on Ubuntu: A Step-by-Step Guide for Secure Server Access

1 min

How To Ssh Into Ubuntu Server

Mastering Secure SSH Access to Your Ubuntu Server in Minutes

1 min

How To Ssh On Linux

No description

1 min
← Back to Blog