SSH (Secure Shell) is a network protocol for establishing an encrypted, authenticated connection between a client and a server. On Ubuntu, OpenSSH is the most commonly used package that provides SSH. This article walks through installing and configuring the OpenSSH server on Ubuntu/Debian, covering these scenarios: allowing specific users to SSH, allowing only regular users to SSH, allowing root to SSH, and prohibiting root from SSH.
Prerequisites
- Operating system: Ubuntu, Debian, or another Debian-based distribution
- User privileges: root, or a non-root user with root privileges
Step 1 – Installing SSH
First, you need to install the OpenSSH Server if it is not already installed on your system.
Update the package list:
sudo apt update
Install the OpenSSH Server:
sudo apt install openssh-server -y
Check the status of the SSH service to ensure it is running:
sudo systemctl status ssh
Step 2 – Configuring SSH
After installation, you need to edit the SSH configuration file /etc/ssh/sshd_config to make specific configurations.
2.1. Allowing Specific Users to SSH
To allow specific users to SSH into the system, open the configuration file and add the AllowUsers directive. Once AllowUsers is set, sshd rejects logins from every user that is not listed.
First, open the SSH configuration file:
sudo vim /etc/ssh/sshd_config
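Add the following line at the end of the file (replace user1 and user2 with the usernames you want to allow). If the file already contains a Match block, place the line above the first Match line, because directives after Match apply only inside that block:
AllowUsers user1 user2
Save the file and exit the editor.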
2.2. Allowing Only Regular Users to SSH
To allow only regular users to SSH and prohibit the root account:
Open the SSH configuration file:
sudo vim /etc/ssh/sshd_config
Add or modify the following line:
PermitRootLogin no
Save the file and exit the editor.
2.3. Allowing the Root Account to SSH
To allow the root account to SSH into the system, open the SSH configuration file:
sudo vim /etc/ssh/sshd_config
Add or modify the following line:
PermitRootLogin yes
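Save the file and exit the editor. Note that the value yes lets root log in with a password whenever password authentication is enabled; the value prohibit-password restricts root to key-based login.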
2.4. Prohibiting Root from SSH
To prohibit the root account from SSH, open the SSH configuration file:
sudo vim /etc/ssh/sshd_config
Add or modify the following line:
PermitRootLogin no
Save the file and exit the editor.
2.5. Restarting the SSH service
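After editing and saving the configuration file, restart the SSH service to apply the changes. Keep your current session open and confirm from a second terminal that you can still log in, so that a configuration mistake does not lock you out: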
sudo systemctl restart ssh
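Added example (not part of the original article): for a single-valued keyword such as PermitRootLogin, sshd keeps the first value it reads, and any line placed after a Match line applies only inside that Match block, so a line appended at the end of the file may silently not apply globally. The script below shows this on a constructed sample config; the function names classify, effective_value and write_sample are illustrative, and on a live system `sudo sshd -T` prints the fully resolved configuration.

```bash
#!/usr/bin/env bash
# Added example: where does an sshd_config keyword actually take effect?
# Assumes whitespace-separated "Keyword value" lines; Include files are not followed.

# classify FILE KEYWORD -> one "SCOPE LINE_NO VALUE" record per occurrence.
#   global   : read before any Match line
#   in-match : after a Match line, so it applies only inside that Match block
classify() {
  awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
    BEGIN { scope = "global" }
    /^[ \t]*(#|$)/ { next }                      # skip comments and blank lines
    { key = tolower($1) }                        # keywords are case-insensitive
    key == "match" { scope = "in-match"; next }
    key == want {
      $1 = ""; sub(/^[ \t]+/, "")                # keep only the value part
      print scope, NR, $0
    }
  ' "$1"
}

# effective_value FILE KEYWORD -> the global value sshd keeps, or "unset".
# For single-valued keywords such as PermitRootLogin, the first value read wins.
effective_value() {
  classify "$1" "$2" | awk '
    $1 == "global" { print $3; found = 1; exit }
    END { if (!found) print "unset" }'
}

# write_sample FILE -> constructed config (not from a real host): the last two
# lines were appended at the end of a file that already contains a Match block.
write_sample() {
  cat > "$1" <<'EOF'
# constructed sample
PermitRootLogin yes
PasswordAuthentication yes

Match Address 10.0.0.0/8
    X11Forwarding no
PermitRootLogin no
AllowUsers user1 user2
EOF
}

sample=$(mktemp)
write_sample "$sample"
echo "PermitRootLogin, effective globally: $(effective_value "$sample" PermitRootLogin)"
classify "$sample" PermitRootLogin
classify "$sample" AllowUsers
rm -f "$sample"
```

In the sample, root login stays enabled for every client outside 10.0.0.0/8 and AllowUsers restricts nobody outside that range, even though both lines are syntactically valid.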
Step 3 – Configure Firewall
To ensure SSH traffic is allowed through the firewall (UFW), permit the SSH service or port 22 using the commands below.
Note: If the firewall is not enabled on your system, you can skip this step.
Allow SSH through the firewall:
Alternatively, you can specify the port number (default is 22):
sudo ufw allow 22/tcp
Enable the firewall if it is not already enabled (add the SSH rule first, so that enabling the firewall does not cut off your current SSH session):
sudo ufw enable
Check the status of the firewall to ensure the rule has been applied:
sudo ufw status
Conclusion
By following the steps above, you have learned how to install and configure SSH on Ubuntu, including setting up the UFW firewall to allow SSH traffic. Proper SSH configuration not only enhances system security but also ensures that only authorized users can access the system via SSH. Be sure to regularly review and update your security settings to maintain the safety of your system.