SSH stands for “secure shell”, and it is a network protocol that allows you to securely send commands to a remote machine. The “secure” part comes from the fact that the connection is encrypted, which means that an attacker cannot eavesdrop on the connection, or intercept and replace your commands with his own midway through transit. SSH is pretty reliable and secure, and is commonly used in the Linux world. Administrators often use it to remotely manage machines – it’s usually more comfortable to control a server from your laptop than in the chilly and noisy server room.
In this post, we’ll show you how to set up an SSH server on Ubuntu 12.04 Precise Pangolin.
The default SSH server package for Ubuntu 12.04 Precise Pangolin is OpenSSH Server, which we’ll use here.
First, you’ll need to install OpenSSH Server. To do so, open up a Terminal window and type the following command:
sudo apt-get install openssh-server
Enter your password to authenticate, and the apt utility will download and install OpenSSH Server for you. Depending on the speed of your Internet connection and your computer, the installation may take several minutes.
Once the installation has finished, return to the Terminal window. We’ll need to make a few changes to your /etc/ssh/sshd_config file in order to increase SSH’s security. First, as always, we’ll want to make a backup copy of your sshd_config file in case anything goes wrong. Type this command into the Terminal:
sudo cp /etc/ssh/sshd_config ~
This will make a backup copy of the sshd_config file in your home directory.
Next, we’ll need to edit the sshd_config file itself.
sudo vi /etc/ssh/sshd_config
(Note that you can use emacs or gedit or another text editor of your choice.)
Like almost every other server software package, SSH is controlled by a number of directives in its configuration file. The default installation of OpenSSH Server is reasonably secure. However, you might want to make a few changes to tighten its security further.
The “PermitRootLogin” directive is one you’ll want to change. Once you’re editing the /etc/ssh/sshd_config file, set the directive as follows:
PermitRootLogin no
This will keep anyone from attempting to log into your server via SSH as root. It’s generally a good idea not to allow anyone to log into your SSH server as root. If an attacker manages to hack into your SSH server with the root login, he will have complete control over your machine, and that is definitely not a good thing.
Another directive you might want to change is “AllowUsers.” When the AllowUsers directive is active, only the users listed in the directive can access the system through SSH. This adds another layer of protection to your SSH server. For instance, if you wanted to limit SSH access to just the “camalas” user account, edit the AllowUsers directive like this:
AllowUsers camalas
To add multiple users to the AllowUsers directive, just add them one by one without commas or semicolons. An AllowUsers directive that permits the camalas user account and the lmaraeus user account to log in would look like this:
AllowUsers camalas lmaraeus
You may also want to consider changing the Port directive. By default SSH runs over TCP/IP port 22, which means that any malware bot autoscanning port 22 can target it. If you set up your user accounts with a weak password (always a bad idea), eventually an automated bot might break through and guess the password. Changing the Port directive to something different will make SSH run over a different port, blocking some of those automated cracking attempts. To set SSH to run over port 5699 instead, make sure your Port directive looks like this:
Port 5699
Note that if you change your SSH server’s default port, you’ll need to remember the new port number when using an SSH client, which we’ll cover in the next section.
After you’ve finished changing the directives in /etc/ssh/sshd_config, switch vi to command mode, and save and quit vi. After you return to the command line, restart the SSH daemon with this command:
sudo restart ssh
You should now be able to SSH into your Ubuntu 12.04 Precise Pangolin machine from another system with an SSH client.
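The following is an added example, not part of the original post: a shell check you could run against the edited file before restarting the daemon. It reports the PermitRootLogin, AllowUsers and Port settings discussed above and catches a duplicate keyword, since sshd keeps the first value it reads. The function names sshd_values and audit_sshd_config and the sample file are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the directives edited above.

# Print each value of keyword $1 from the global section of config file $2.
# Keywords are case-insensitive; "Key value" and "Key=value" are both accepted.
sshd_values() {
    awk -v want="$1" '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }   # Match blocks apply conditionally
        {
            key = $1; sub(/=.*/, "", key)
            val = $0; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            if (tolower(key) == tolower(want)) print val
        }' "$2"
}

# Report on PermitRootLogin, AllowUsers and Port; return 1 on a FAIL.
audit_sshd_config() {
    rc=0
    # sshd uses the first value it reads for a keyword, so a second
    # "PermitRootLogin no" added below an existing "yes" has no effect.
    root=$(sshd_values PermitRootLogin "$1" | head -n 1)
    users=$(sshd_values AllowUsers "$1" | tr '\n' ' ')
    ports=$(sshd_values Port "$1" | tr '\n' ' ')
    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "FAIL PermitRootLogin is '${root:-unset}', expected 'no'"; rc=1; fi
    if [ -n "$users" ]; then echo "OK   AllowUsers $users"
    else echo "FAIL AllowUsers is not set"; rc=1; fi
    case " ${ports:-22} " in
        *" 22 "*) echo "NOTE sshd listens on the default port 22" ;;
        *)        echo "OK   Port $ports" ;;
    esac
    return $rc
}

# Constructed sample: an earlier "yes" line was left in place above the new one.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sshd_config fragment
Port 5699
PermitRootLogin yes
AllowUsers camalas lmaraeus
permitrootlogin no
EOF
audit_sshd_config "$sample" || true
```

To check the real file, call audit_sshd_config /etc/ssh/sshd_config; the sample above reports a FAIL for PermitRootLogin because the earlier “yes” line wins.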