Secure Shell (SSH) is a protocol used to connect an SSH client to an SSH server. Its main uses include secure remote access, system management, and file transfer. Ubuntu includes the OpenSSH client (a popular SSH implementation) by default, whereas you’ll need to manually install the OpenSSH server package. You’ll need to manage related configurations like the SSH service and firewall rules afterward to start using SSH. Aside from these, we’ll also cover basic steps for getting started with SSH and common errors users face in this article. Install SSH on Ubuntu Before you install the server package, ensure your system is up-to-date with sudo apt update && sudo apt upgrade Install the OpenSSH server package with sudo apt install -y openssh-server If you need to set up the OpenSSH client on older systems, you can use sudo apt install openssh-client Verify the installation by running sudo systemctl status ssh The service status should be active (running). If not, you can manually enable and start the service with sudo systemctl enable ssh sudo systemctl start ssh Configure Firewall for SSH As we’re going to allow incoming connections from SSH clients, it’s important to enable the firewall. sudo ufw enable Once the firewall is active, add a rule to allow SSH traffic with sudo ufw allow ssh This allows incoming traffic on Port 22 (the default SSH port) to pass through the firewall. If you change the SSH port later on, you can add a rule to allow traffic through the new port as such. sudo ufw allow <newport>/tcp Getting Started with SSH The basic syntax that you’ll use on the client system is ssh <username>@<ipaddress> Fill in the username of an account on the remote server and the server’s IP address and run the command. You can use whoami and ip a to find these values if you’re unsure. ssh [email protected] You’ll be asked to confirm the authenticity of the host on the first connection. Enter yes to agree and input the user’s password to establish the connection. OpenSSH Server Configuration The OpenSSH server works based on configurations specified in the sshd_config file. Before you start changing any of the configs, create a copy of the original file with sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak Now, use a text editor like nano to edit the config file. sudo nano /etc/ssh/sshd_config Using the default port (22) is a bad idea for security reasons. To change this, uncomment the Port directive and set the value to something else. Save the changes and exit the editor. Now, test the new configuration with the -t option. sudo sshd -t -f /etc/ssh/sshd_config If no errors are returned, you can apply the changes by restarting the SSH server. sudo systemctl restart ssh You can follow this same process to configure other directives too. Some commonly made changes include: ListenAddress – Set which IP addresses you want the server to listen to. By default, 0.0.0.0 is used which specifies to listen for incoming connections on all IPv4 interfaces. PasswordAuthentication – As key-based authentication is much more secure, this directive is generally set to no to disable password authentication altogether. AllowUsers, DenyUsers – These are used to allow or deny SSH access to certain users. Authenticate With SSH Key OpenSSH can authenticate through various methods. Plain password authentication is fine to start with but it’s best to switch to public key authentication afterward, especially if using SSH for cross-domain access. This method compares a client’s private key to the public key stored on the server, which is way more secure. To set this up, generate the SSH keys on the client system. ssh-keygen -t rsa You can leave the private key’s passphrase empty, or you can set a password if you want to further improve its security. The public key will be saved in the ~/.ssh/id_rsa.pub file by default. Use the ssh-copy-id command to append the client’s public key to the remote server’s authorized_keys file as shown below. ssh-copy-id <username>@<remoteserver> You should be able to SSH to the remote server without needing the password now. Troubleshooting Common Errors SSH errors usually happen because SSH traffic is blocked by the firewall, or because the SSH server isn’t running. If you followed this guide, you should’ve been able to enable SSH smoothly as we already factored in such things. But if SSH isn’t working despite this, try some of the steps listed below: Start by verifying the firewall and SSH daemon status on the server. Try connecting using the server’s IP address instead of the hostname. Check the server’s sshd_config file for the Port and ListenAddress directives. If you need to specify a port, you can use ssh -p <port> <user>@<remotehost>. If SSH still doesn’t work, use the verbose options (ssh -v or ssh -vvv) to get further information.