Openssh Server Ubuntu 20.04

Posted : admin | On 02-05-2021



  1. Ubuntu 20.04 Ssh
  2. Openssh-server Has No Installation Candidate Ubuntu 20.04
  3. Install Openssh Ubuntu 20
  4. Openssh Server Ubuntu Install
  5. Install Openssh Server Ubuntu 20.04

By default, remote access is not allowed in Ubuntu 20.04 using the SSH, and we first have to enable the SSH. Just follow the step-by-step guide given below, and you will have the OpenSSH server installed and enabled on your ubuntu 20.04 LTS system for remote access. Step 1: Open up your terminal and update the system’s APT cache repository. — Installing Google’s PAM. In this step, we’ll install and configure Google’s PAM. PAM, which stands.

Choose your preferred keyboard layout for your Ubuntu 20.04 server and then choose “Done” option and hit. So, choose “Install OpenSSH server” option. Change the default SSH port. To change the default SSH port, modify the sshd configuration file. A quick guide to setup a SSH-conncection to Virtual Machine Ubuntu Server 20.04. This article shall serve to prevent wasting hours looking for the pitfalls I encountered setting up Ubuntu Server 20.04 on my Virtual Box host (Ubuntu, Windows and Mac). Install Ubuntu Server Image in Virtual Box. Download and install the.iso-file as described here.

SSH, also known as Secure Socket Shell or Secure Shell, is a cryptographic protocol that helps to encrypt communication in unsecured networks where an SSHD is the daemon program for SSH. Together they provide secure communication between two untrusted hosts over an insecure network.

Step 1 : To install it in Ubuntu, use the following command:

Step 2 : You may check its status by running command:

Step 3 : We’re going to edit a /etc/ssh/sshd_config file using the vi editor as the root user, so you should type the following command on the terminal:

Step 4 : Look for a line that contains PermitRootLogin and replace it with the following line:

Step 5 : Save the /etc/ssh/sshd_config file

Step 6 : Now it’s time to restart the SSH server. Then your server will be installed, configured, and ready to use. You can test this by executing the following command:

Step 7 : You can test your SSH server by trying to connect to it and typing on the terminal the following command:

Step 8 : Now you will see a message asking for your authorization. Type yes and your password. You’re now connected to your our server through the SSH protocol.

Simplifying SSH connections with a config file

Step 1 : A local configuration must be stored in the .ssh directory of your home directory, and be named config. The full path would look something like this:

Step 2 : This file doesn’t exist by default, but if it’s found, SSH will parse it and you’ll be able to benefit from it. Go ahead and open this file in your text editor, such as nano:

Step 3 : This config file allows you to type configuration for servers that you connect to often, which can simplify the SSH command automatically, for example:

Step 4 : SSH connections with a config file

In-depth guide on how to secure a Linux home server running Ubuntu 20.04. This post explains how to change the default SSH port, how to configure a UFW firewall, how to use ssh key-based authentication, how to install and configure fail2ban, and finally how to setup two factor authentication (2FA).

Prerequisites

Ubuntu 20.04 Ssh

  • A running Ubuntu instance
  • SSH access to your server

1. Change the default SSH port

Openssh-server Has No Installation Candidate Ubuntu 20.04

To change the default SSH port, modify the sshd configuration file

In order to access your server from outside of your local network, you need to forward that port your machine in your router’s configuration.

Now you will always need to specify the port used for SSH’ing into your server, as otherwise SSH will attempt to use the (now no longer working) port 22

Don’t forget to port-forward this to your home server in your router’s configuration if you want to access your home server from outside of your local network!

Openssh Server Ubuntu 20.04

Pro tip, I always recommend creating an “alias” for login purposes such that you won’t need to remember which SSH port you have used. This can easily be achieved by saving the connect command to your ~/.bashrc file

where random-name is any name for your alias
SSH-PORT is the port that you set up above, e.g. 549
USERNAME is the username on the server that you want to SSH into, e.g. roman
LOCAL-IP the local IP address, e.g. 192.168.1.100

Ubuntu 20.04 ssh

2. Install and setup ufw

UFW, or uncomplicated firewall, should generally already come pre-installed on Ubuntu 20.04. If for some reason it’s not already installed on your machine, you can get it using

Next, set up some basic rules and enable the firewall. Before continuing, make sure that you have specified the correct port for SSH. Otherwise you will lock yourself out from your own server!

This should provide you with some basic security, as only the ports specified can now be accessed. You can check which ports are allowed using

An additional layer of security can be gained by additionally blocking ping requests. For this, update the following line

Note that doing this will prevent you from finding your server’s local IP address using an IP scanner so make sure you know your server’s IP address before implementing this safety measure!

Finally, reload the firewall using

Install Openssh Ubuntu 20


3. Generate keygen

In order to make our SSH connection even more secure, I recommend to generate a key instead of a plain old password. Reason being is that it’s close to impossible to become a victim of a man-in-the-middle attack because no sensitive information is exchanged between you and your server upon login.

This works by creating a key which has two parts: a private key (stays on the client) and a public key (is transferred to the server). Once a client attempts to establish a connection to the server, it generates a random message, which the client encrpyts using the private key. This message is then send back to the server which decrypts it using the public key. The session is then accepted if the response matches what the server has sent. This is a clever way of avoiding having to send authentication related information in plain text (or encrypted) between the server and client, as the random message is different for each new connection.

You can generate a key on your client machine (which you use to connect to your server) with

I personally prefer not to use a passphrase for my key’s since I like to use two factor authentication anyways (see step 6 below).

Next, copy the public key to your server (mind the capital P to specify the non-standard SSH port)

Note: If you already have an authorized_keys file on your server, simply paste the content of id_rsa.pub in that file on a new line.

Now you should be able to log-in to your server without getting a password prompt, since the server authorizes you using the keygen.


4. Only allow login with keygen

To make your server only accept ssh key-based authentication, edit the sshd_config file

Next, restart the SSH deamon

5. Install and setup fail2ban

First, install fail2ban

Next, copy the default fail2ban configuration file (make sure to end the custom file with .local)

Add an SSH jail to the end of the file

This will ban any IP address that has more than 3 failed login attempts over the last 600 seconds indefinitely. You can change the ban type to a certain time period by changing bantime to any value in seconds.

Openssh

Finally, restart the fail2ban service

Get the current fail2ban status using

How to start openssh server ubuntu

If you have accidentally banned one of your computers, you can un-ban any IP address by typing


20.04

6. Setup two factor authentication

If you want to add yet another layer of security, you can set up two factor authentication for SSH based login to your server. In this example, we are going to use the google authenticator, however this procedure would work similarly with other authentication software such as Authy.

You can download the google authenticator for both Android and Iphone. This tool basically just produces a time based token based on a long sequence of numbers and letters.

Next, install google authenticator on your server:

Openssh Server Ubuntu Install

You can now set up two factor authentication by entering ‘google-authenticator’

If you proceed by typing ‘y’, a large QR code will be displayed in your terminal, together with your secret key as well as one-time emergency codes (the large QR code is not shown in the following example).

Write down your secret key and emergency codes and open the google authenticator application on your mobile phone. In the app, click on the plus in the bottom right corner and hit ‘scan QR-code’. Then scan the QR code from your terminal.

Next, allow the google authenticator to update the required file in your home directory:

Install Openssh Server Ubuntu 20.04

Now come three questions regarding the hardness of your google authenticator installation. The first one pertains to only allowing the use of the same authentication token once. I would strongly recommend to enable this.

The next setting pertains to the use of 3 codes to 17 codes. I would strongly recommend to disable this.

Finally, you can limit the number of allowed login attempts to 3 every 30 seconds. Make sure to never accidentally enter the wrong codes yourself though or you will lock yourself out from your own server! I generally enable this.

Update the PAM sshd configuration file

And all the way on the bottom add

All changes to the sshd_config file

Finally, restart the ssh daemon