SSH Ubuntu

A step-by-step guide to enabling and configuring SSH on Ubuntu, including how to change the default port:

Enabling SSH on Ubuntu
  1. Install OpenSSH Server (if not already installed):
    • sudo apt update
    • sudo apt install openssh-server
  2. Verify SSH Service Status:
    • sudo systemctl status ssh
      • If active, you'll see `active (running)`.
  3. Enable SSH to Start on Boot (if not already enabled):
   sudo systemctl enable ssh
 
Changing the Default SSH Port (Optional)
  1. Edit the SSH Config File:
    • sudo nano /etc/ssh/sshd_config
  2. Find and Modify the Port Line:
    1. Locate the line #Port 22 (commented by default).
    2. Uncomment it and change 22 to your desired port (e.g., Port 2222):
      • Port 2222 Note: Choose a port between 1024 and 65535 (avoid well-known ports like 80, 443)
  3. Restart SSH Service:
        sudo systemctl restart ssh
    4. Verify the New Port:
    ss -tulnp | grep ssh
 Output should show SSH listening on the new port (e.g., 2222).

Firewall Configuration (UFW)

If using UFW, allow the new SSH port: 
  1. Allow the Port:
   sudo ufw allow 2222/tcp

    2. Disable Old Port (if changed from 22):
     sudo ufw deny 22/tcp

    3. Reload UFW:
    sudo ufw reload
   ```

Connecting to SSH
Default Port (22):

  ssh username@server_ip

Custom Port (e.g., 2222):

  ssh -p 2222 username@server_ip

Security Recommendations
 
1. Disable Root Login:
   In /etc/ssh/sshd_config, set:

   PermitRootLogin no


2. Use SSH Key Authentication (disable passwords if possible):

   PasswordAuthentication no


3. Restrict User Access:
     AllowUsers your_username


4. Restart SSH After Changes:
    sudo systemctl restart ssh

Troubleshooting
- If SSH Fails:
  - Check logs: sudo tail -f /var/log/auth.log
  - Verify port is open:sudo ufw status