Installing & Configuring SSH Server on Linux Ubuntu 18.10
Most network administrators manage servers located in remote places, requiring them to control their servers remotely over the internet. There are many applications available for this, such as Telnet, FTP, and r-tools like rsh, rlogin, and rcp. However, these applications are not secure as they do not use encryption to protect data exchange during the connection.
For remote administration, SSH is a more secure alternative to Telnet. SSH is a shell application used to create an encrypted connection between systems, ensuring that all transmitted information and data exchanges are protected.
One widely-used, free, and open-source SSH application is OpenSSH. OpenSSH is a package that includes scp, sftp, ssh, and sshd.
Alright, that's enough of the warm-up. Let's proceed to the tutorial.
Step 1: Installation
Update repo:
$ sudo apt update
Install SSH Server:
$ sudo apt install openssh-server -y
Actually, SSH can be used right out of the box without any configuration. However, for enhanced security, it is recommended to modify certain directives in the sshd_config and ssh_config files as shown below.
Step 2: sshd Configuration
The sshd application has its main configuration file, sshd_config, which is stored in the /etc/ssh directory.
Edit file sshd_config:
$ sudo nano /etc/ssh/sshd_config
Modify the directives:
PermitRootLogin no
StrictModes yes
MaxAuthTries 3
PermitRootLogin:
To enable or disable direct root login over SSH.
StrictModes:
To check if user files and directories have 777 permissions (allowing anyone to read, write, and execute all files). If this directive is set to "yes" and the user's home directory has a 777 permission mode, the user will not be allowed to log in via OpenSSH.
MaxAuthTries:
To set the maximum number of authentication attempts if the user enters the wrong username or password. This is used to slow down brute force attacks on SSH login.
The Port directive can also sometimes be used to enhance SSH connection security by changing the default SSH port (port 22) to another port, as long as that port is not already in use by another service or daemon.
Step 3: SSH Configuration
Similar to the sshd configuration, SSH can be used immediately with its default settings and does not require changes. However, there are a few directives in ssh_config that need attention:
CheckHostIp yes
StrictHostKeyChecking ask
CheckHostIp:
This makes OpenSSH also check the host's IP address against the known_hosts file, which helps detect a host key that changed because of DNS spoofing.
StrictHostKeyChecking:
This will force OpenSSH to ask whether the remote system's public key should be added to the known_hosts file when connecting for the first time.
Step 4: Restart ssh
We need to restart the SSH service for the changes we made to the configuration to take effect.
To enable SSH to start automatically at boot:
$ sudo systemctl enable ssh
To restart SSH:
$ sudo systemctl restart ssh
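A check for the Step 2 directives, added here as an example (not part of the original tutorial or of OpenSSH): it reads an sshd_config-style file the way sshd does, where the first value set for a keyword wins and keywords are case-insensitive. The function names and the sample file are constructed for illustration.

```shell
# Added example: audit an sshd_config-style file for the Step 2 directives.

# effective_value FILE KEYWORD -> first global value set for KEYWORD.
# sshd keeps the first value it reads for a keyword; keywords are case-insensitive.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        tolower($1) == "match"   { exit }   # Match blocks are conditional, not global
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)       # separator: whitespace or a single "="
            if (n == 0) next
            k = substr(line, 1, n - 1)
            v = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", v)
            sub(/[ \t]+$/, "", v)
            if (tolower(k) == tolower(key)) { print v; exit }
        }
    ' "$1"
}

# audit_sshd_config FILE -> one line per directive; exit status = number of failures.
audit_sshd_config() {
    fails=0
    for want in PermitRootLogin=no StrictModes=yes MaxAuthTries=3; do
        key=${want%%=*}; exp=${want#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$exp" ]; then
            echo "OK    $key $got"
        else
            echo "FAIL  $key is '${got:-unset}', expected '$exp'"
            fails=$((fails + 1))
        fi
    done
    return "$fails"
}

# Constructed sample (not a real server's file): the first PermitRootLogin wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
permitrootlogin yes
StrictModes=yes
MaxAuthTries   3
PermitRootLogin no
Match User backup
    MaxAuthTries 10
EOF
audit_sshd_config "$sample" || echo "$? directive(s) need attention"
rm -f "$sample"
```

On the server itself, sudo sshd -t validates the file's syntax before the restart, and sudo sshd -T prints the effective settings.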
That's it, see ya~