Enable remote SSH access to Ubuntu Server
So, you've just installed your new Ubuntu Server and you're thinking: now I can go back to my desk and access my new server remotely... but how exactly?
Ubuntu Server is generally installed as a headless operating system. In other words, you get command line access only. That's fine, but you need to be able to administer it remotely rather than sitting at the local terminal. It may even be a VM.
Installation
Anyway, in its simplest form, you can issue these commands to enable SSH:
sudo apt-get update
sudo apt-get install ssh
sudo ufw allow 22
sudo apt-get update
- Refreshes the package lists, so the install below picks up the latest version.
sudo apt-get install ssh
- Installs the latest SSH package and its dependencies.
sudo ufw allow 22
- Opens access to port 22 through the Firewall.
(You may also need to look at Port Forwarding if you're having trouble with firewalls or routers).
There's also the possibility that your system packages are somewhat out of date (which happens regularly with the frequency of updates available from Ubuntu). In order to update your entire system, from the command prompt enter (at least the first two of) these commands:
sudo apt-get update # Fetches the list of available updates
sudo apt-get upgrade # Strictly upgrades the current packages
sudo apt-get dist-upgrade # Installs updates (new ones)
Bitnami VM
If you're trying to get SSH running on a Bitnami virtual machine, they're specifically crafted to disable SSH by default.
You can follow this guide to get things up and running:
https://docs.bitnami.com/virtual-machine/faq/#how-to-enable-the-ssh-server
Great - so now you can access your server remotely via SSH.
That's just the beginning though.
If you're even thinking about deploying this server in the wild, even just inside a corporate network environment, you'll want to harden it.
Hardening
By default, SSH will allow unlimited failed login attempts, so access to the server can be brute-forced. Better passwords will help of course, but this is still really bad. If your server is exposed to the outside world at all, someone will eventually break in.
At the very least you should:
- Disable password-based login, and use keys.
- Don't use port 22 - move it way higher (22123 as a random example). Security by obscurity is not security, but it will keep your server out of most IoT search engines like Shodan.
- Automatically block IPs of brute-force login attempts using Fail2ban or similar.
- Install with:
sudo apt-get install fail2ban
Oli Warner (an AskUbuntu moderator) has written a rather good guide over at his blog https://thepcspy.com/read/making-ssh-secure/
And there's a good installation and configuration guide over at DigitalOcean: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04
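As an added example (not from the original post or the guides it links to), this script checks an sshd_config-style file for the first two items in the hardening list above: password login disabled and nothing listening on port 22. The function names and the sample file are made up for illustration, and Include files and Match blocks are not followed.

```shell
#!/bin/sh
# Added example: check an sshd_config-style file for two items from the
# hardening list: password login disabled, no listener on port 22.
# Simplification (assumption): Include files and Match blocks are not followed.

# Emit "keyword value" pairs: drop comments and blank lines, accept "Key=value".
directives() {
    awk '/^[ \t]*(#|$)/ { next }
         { sub(/=/, " "); print tolower($1), tolower($2) }' "$1"
}

# Prints findings; returns 0 when both checks pass, 1 otherwise.
audit_sshd_config() {
    rc=0
    # sshd keeps the FIRST value it reads for a keyword, so a later
    # "PasswordAuthentication no" cannot undo an earlier "yes".
    pw=$(directives "$1" | awk '$1 == "passwordauthentication" { print $2; exit }')
    pw=${pw:-yes}                      # not set at all: sshd defaults to yes
    # Port is different: every Port line adds a listener; none means 22.
    ports=$(directives "$1" | awk '$1 == "port" { print $2 }')
    ports=${ports:-22}
    if [ "$pw" != "no" ]; then
        echo "FAIL: password login is enabled"; rc=1
    fi
    if echo "$ports" | grep -qx 22; then
        echo "WARN: still listening on port 22"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: key-only login on port(s)" $ports
    return "$rc"
}

# Constructed sample: hardened lines were appended below the older ones.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from a real server
PasswordAuthentication yes
Port 22
PasswordAuthentication no
Port 22123
EOF
audit_sshd_config "$sample" || true    # reports both findings
rm -f "$sample"
```

On a live server, `sudo sshd -T` prints the configuration sshd will actually use, including any Include files.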
Further reading:
- SSH: https://help.ubuntu.com/community/SSH
- OpenSSH Server: https://help.ubuntu.com/lts/serverguide/openssh-server.html
- Configuring OpenSSH: https://help.ubuntu.com/community/SSH/OpenSSH/Configuring
- SSH Keys: https://help.ubuntu.com/community/SSH/OpenSSH/Keys
- Securing SSH: https://thepcspy.com/read/making-ssh-secure/
- Installing Fail2ban: https://www.digitalocean.com/community/tutorials/how-to-protect-ssh-with-fail2ban-on-ubuntu-14-04