How To Ssh Into Ubuntu Server

How To Ssh Into Ubuntu Server

Reading time1 min
#Linux#Server#Security#SSH#Ubuntu#Sysadmin

Mastering Secure SSH Access to Your Ubuntu Server in Minutes

Understanding how to securely SSH into an Ubuntu server is crucial for efficient remote management and safeguarding sensitive data from unauthorized access. SSH (Secure Shell) is the backbone of managing cloud infrastructure and remote Linux systems, allowing you to execute commands, transfer files, and maintain your server without physically accessing it.

Most guides focus on basic SSH commands, but mastering secure access methods—like key-based authentication and configuration tweaks—to harden your Ubuntu server is what truly sets you apart as a savvy sysadmin or developer. In this post, we’ll go beyond the simple ssh user@host connection and explore practical, step-by-step ways to establish secure, reliable SSH access quickly.

Why Secure SSH Access Matters

Before diving into commands, it’s important to understand why securing your SSH is not just recommended but essential. By default, SSH allows password-based logins which hackers can target using brute-force or credential stuffing attacks. If compromised, your entire server is at risk.

Implementing secure practices like:

  • Using SSH key-based authentication
  • Disabling password logins
  • Changing the default SSH port
  • Enforcing strong security policies

provides a strong defense line that helps protect your Ubuntu server from unauthorized access.

Step 1: Install and Configure OpenSSH Server on Ubuntu

If you’re starting with a fresh Ubuntu server installation or cloud instance, first ensure that the OpenSSH server package is installed:

sudo apt update
sudo apt install -y openssh-server

You can check that the SSH daemon is running with:

sudo systemctl status ssh

If needed, start and enable it to launch on boot:

sudo systemctl start ssh
sudo systemctl enable ssh

Your default SSH configuration file lives here:

/etc/ssh/sshd_config

Step 2: Generate an SSH Key Pair on Your Local Machine

Instead of relying on passwords, generate a key pair that will uniquely identify you when logging in.

On your local machine (Linux/macOS), run:

ssh-keygen -t ed25519 -C "your_email@example.com"
  • -t ed25519 chooses a modern encryption algorithm.
  • You can also use RSA (-t rsa) for older systems.
  • Follow prompts; it will save keys in ~/.ssh/id_ed25519 by default.
  • You can set a passphrase for extra security (recommended).

Step 3: Copy Your Public Key to the Ubuntu Server

Transfer your public key (id_ed25519.pub) to the server’s authorized keys file using ssh-copy-id for convenience:

ssh-copy-id username@your_server_ip

Alternatively, manually append the content of your public key to ~/.ssh/authorized_keys on the server:

  1. Connect using password temporarily:

    ssh username@your_server_ip

  2. Create .ssh directory if it doesn't exist:

    mkdir -p ~/.ssh && chmod 700 ~/.ssh

  3. Append your public key:

    echo "your-public-key-content" >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys

Now try logging in with:

ssh username@your_server_ip

It should no longer ask for a password but use your private key instead.

Step 4: Harden Your SSH Server Configuration

Edit /etc/ssh/sshd_config on the server to enforce best practices.

Open with:

sudo nano /etc/ssh/sshd_config

Look for and adjust or add these directives:

# Disable root login over SSH (prevents direct root access)
PermitRootLogin no

# Allow only key-based authentication:
PasswordAuthentication no

# Optional: Change default port to something less predictable (e.g., 2222)
Port 2222

# Use only modern protocols (SSH protocol 2)
Protocol 2

# Disable empty passwords just in case:
PermitEmptyPasswords no

# Limit user logins if desired:
AllowUsers username

# Set idle timeout (optional):
ClientAliveInterval 300 
ClientAliveCountMax 0

After saving changes, restart SSH:

sudo systemctl restart ssh

If you changed the port (e.g., to 2222), connect using:

ssh -p 2222 username@your_server_ip

Step 5: Test Your Setup & Troubleshoot

  1. Open a new terminal session before closing existing connections.
  2. Attempt connection using keys only.
  3. If locked out due to config errors:
    • Use cloud provider console or direct access.
    • Check /var/log/auth.log for hints.
    • Restore backup of sshd_config.

Bonus Tips: Enhancing Secure Access Further

  • Use Fail2ban: Automatically bans IPs attempting repeated failed connections.

    sudo apt install fail2ban
sudo systemctl enable fail2ban --now

  • Set up Two-Factor Authentication with Google Authenticator

  • Use VPNs or IP Whitelisting for additional layers

Summary

Mastering secure SSH access means more than just connecting — it’s about protecting your entry point with robust methods such as key-based authentication and savvy configuration tweaks. This approach will save you hours of headaches and elevate your infrastructure security from day one.

By following this guide you should now confidently be able to:

  • Generate and deploy SSH keys
  • Configure OpenSSH securely on Ubuntu
  • Harden your server against common attack vectors

Keep practicing these fundamentals and explore further as managing remote servers becomes second nature.

Feel free to drop questions below or share how you customize your secure SSH workflow! Happy sysadmin-ing! 🚀

Related Articles

How To Install Ssh Ubuntu

Mastering Secure Access: Step-by-Step Guide to Installing and Configuring SSH on Ubuntu

1 min

How To Setup Ubuntu Server

Mastering Minimalist Ubuntu Server Setup for Maximum Efficiency

1 min

How To Ssh In Ubuntu

Mastering Secure SSH Access in Ubuntu: A Step-by-Step Guide

1 min
← Back to Blog