enable ssh ubuntu

Secure Shell (SSH) is a protocol used to connect an SSH client to an SSH server. Its main uses include secure remote access, system management, and file transfer.

Ubuntu includes the OpenSSH client (a popular SSH implementation) by default, whereas you’ll need to manually install the OpenSSH server package. You’ll need to manage related configurations like the SSH service and firewall rules afterward to start using SSH.

Aside from these, we’ll also cover basic steps for getting started with SSH and common errors users face in this article.  

Install SSH on Ubuntu

Before you install the server package, ensure your system is up-to-date with 

sudo apt update && sudo apt upgrade

Install the OpenSSH server package with

sudo apt install -y openssh-server

If you need to set up the OpenSSH client on older systems, you can use

sudo apt install openssh-client

Verify the installation by running

sudo systemctl status ssh

The service status should be active (running). If not, you can manually enable and start the service with

sudo systemctl enable ssh
sudo systemctl start ssh

Configure Firewall for SSH

As we’re going to allow incoming connections from SSH clients, it’s important to enable the firewall.

sudo ufw enable

Once the firewall is active, add a rule to allow SSH traffic with

sudo ufw allow ssh

This allows incoming traffic on Port 22 (the default SSH port) to pass through the firewall. If you change the SSH port later on, you can add a rule to allow traffic through the new port as such.

sudo ufw allow <newport>/tcp

Getting Started with SSH

The basic syntax that you’ll use on the client system is  

ssh <username>@<ipaddress>

Fill in the username of an account on the remote server and the server’s IP address and run the command. You can use whoami and ip a to find these values if you’re unsure. 

ssh [email protected]

You’ll be asked to confirm the authenticity of the host on the first connection. Enter yes to agree and input the user’s password to establish the connection.

OpenSSH Server Configuration

The OpenSSH server works based on configurations specified in the sshd_config file. Before you start changing any of the configs, create a copy of the original file with

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.bak

Now, use a text editor like nano to edit the config file.

sudo nano /etc/ssh/sshd_config

Using the default port (22) is a bad idea for security reasons. To change this, uncomment the Port directive and set the value to something else.

Save the changes and exit the editor. Now, test the new configuration with the -t option.

sudo sshd -t -f /etc/ssh/sshd_config

If no errors are returned, you can apply the changes by restarting the SSH server.

sudo systemctl restart ssh

You can follow this same process to configure other directives too. Some commonly made changes include:

  • ListenAddress – Set which IP addresses you want the server to listen to. By default, 0.0.0.0 is used which specifies to listen for incoming connections on all IPv4 interfaces. 
  • PasswordAuthentication – As key-based authentication is much more secure, this directive is generally set to no to disable password authentication altogether. 
  • AllowUsers, DenyUsers – These are used to allow or deny SSH access to certain users.

Authenticate With SSH Key

OpenSSH can authenticate through various methods. Plain password authentication is fine to start with but it’s best to switch to public key authentication afterward, especially if using SSH for cross-domain access. This method compares a client’s private key to the public key stored on the server, which is way more secure.

To set this up, generate the SSH keys on the client system.

ssh-keygen -t rsa

You can leave the private key’s passphrase empty, or you can set a password if you want to further improve its security.

The public key will be saved in the ~/.ssh/id_rsa.pub file by default. Use the ssh-copy-id command to append the client’s public key to the remote server’s authorized_keys file as shown below.

ssh-copy-id <username>@<remoteserver>

You should be able to SSH to the remote server without needing the password now.

Troubleshooting Common Errors

SSH errors usually happen because SSH traffic is blocked by the firewall, or because the SSH server isn’t running. If you followed this guide, you should’ve been able to enable SSH smoothly as we already factored in such things. But if SSH isn’t working despite this, try some of the steps listed below:

  • Start by verifying the firewall and SSH daemon status on the server.
  • Try connecting using the server’s IP address instead of the hostname.
  • Check the server’s sshd_config file for the Port and ListenAddress directives. If you need to specify a port, you can use ssh -p <port> <user>@<remotehost>.
  • If SSH still doesn’t work, use the verbose options (ssh -v or ssh -vvv) to get further information.
Anup Thapa

Senior Writer

Anup Thapa is a Linux enthusiast with an extensive background in computer hardware and networking. His goal is to effectively communicate technical concepts in a simplified form understandable by new Linux users. To this end, he mainly writes beginner-friendly tutorials and troubleshooting guides. Outside of work, he enjoys reading up on a range of topics, traveling, working out, and MOBAs.