Setup SSH Server


Linux is the Operating System for Techies. Microsoft is only for the managers! Once you get addicted to the command line, flexibility and speed of Linux, it is difficult to tolerate the slow Windows.

But there is a slight bump when you start off with Linux. Yes, the higher distributions of Ubuntu make it a lot simpler for newcomers. But the fun begins only when you get down to the command line. But if you are a true coder, you have to come on board.

This series of blogs is a list of How-To's for working on the Linux command line, mostly on Ubuntu.

Install OpenSSH


Linux can host an SSH server that allows authorized users to connect from an external machine. This is typically useful when you have a base server, where several users connect to do their work. Or if you have a Linux distro running on VirtualBox, you can easily connect to it using an SSH client like PuTTY.

If you are all set up with the Linux installation, you can jump in and set up the OpenSSH server. As always, before you start, you need to make sure your current packages are up to date. So, start with:

sudo apt update
sudo apt upgrade -y

The first one will refresh the package manager's list of packages, and the second will actually upgrade any packages that have an upgrade available.

This may take some time depending upon how frequently you update your system.

Next, we install the OpenSSH server.

sudo apt install openssh-server

This will prompt you to confirm the install. You have no choice but to accept it, if you really want OpenSSH on your machine. But it is a good idea to glance through the list of packages being pulled in, just in case you see something curious.

Start the Server


Starting the server is as easy as the installation. The installation takes care of most of what is required. We just have to enable the service and we are done.

Just type the below command to check if that is already done:

sudo systemctl status ssh

This shows us the current status. It should return a lot in the response. Look out for "Active: active (running)" in the response. If you can see this in the status, it means the server is started and all set.

In case you have some doubts or problems, you can ensure the service is set up correctly:

sudo systemctl enable ssh

This ensures that the service starts up on every reboot.

You can specifically start, stop or disable the service using one of the below commands:

sudo systemctl start ssh
sudo systemctl stop ssh
sudo systemctl disable ssh

Firewall


If you are impatient like me, I guess you would have already tried to make an SSH connection to the server - that failed. That is because of the firewall.

Any sensible operating system has a strong firewall that takes care of blocking unwanted traffic to and from the machine. Of course, Linux has a very good firewall. Because of this, you will not be able to connect into the server.

It is good that all incoming traffic is blocked. But in this case, we need to allow incoming traffic for the SSH connections to work. So, we need a firewall exception. That is what we will add now.

It is a single one-line command:

sudo ufw allow ssh

That tells the Ubuntu firewall (ufw) that it should allow incoming SSH connections. You will see a response that the firewall exception is added as required. The rule has an effect only while ufw is enabled.

Configuration


In most cases, the defaults of OpenSSH are all that we need. But for the geeks, there are several possible tweaks that can be made to it. To do this, check out this file:

sudo vi /etc/ssh/sshd_config

The sshd daemon reads this file for its configuration. Most of this config file is commented out. The principle here is that any setting that is not present in this file takes its default value. If a value is set, it overrides the default.

In this file, all the fields are listed with their default values and commented out. That makes it easy for the developer who wants to modify it. Just make sure you have a backup of the original config file before making any changes in there.

The entire content of the config file is beyond the scope of this blog. But, if you are curious, you can simply run this command:

man sshd_config

It provides a detailed description of each of those fields.
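
The backup advice and the "commented out means default" rule from the Configuration section, as an added example that is not part of the original post. The helper names (explicit_value, set_option, make_sample) are hypothetical, and the script works on a constructed sample file in a temporary location rather than on /etc/ssh/sshd_config.

```sh
#!/bin/sh
# Added example: works on a constructed sample file, not /etc/ssh/sshd_config.
# Simplification (assumption): ignores Include files, Match blocks and the
# "Key=value" form; `sudo sshd -T` prints what the daemon really uses.

# explicit_value FILE KEY: value set by the first uncommented KEY line,
# or "(default)" when KEY is only commented out or missing.
explicit_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }                       # commented line: default stays
        tolower($1) == tolower(key) {             # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print "(default)" }
    ' "$1"
}

# set_option FILE KEY VALUE: keep a one-time backup, then put the setting on
# the first line, because sshd uses the first value it reads for a keyword.
set_option() {
    [ -e "$1.orig" ] || cp -p "$1" "$1.orig" || return 1
    tmp=$(mktemp) || return 1
    { printf '%s %s\n' "$2" "$3"; cat "$1"; } > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample in the style of the shipped file: defaults, commented out.
make_sample() {
    cat > "$1" <<'EOF'
#Port 22
#PermitRootLogin prohibit-password
#PasswordAuthentication yes
X11Forwarding yes
EOF
}

demo() {
    cfg=$(mktemp) || return 1
    make_sample "$cfg"
    printf 'before: %s\n' "$(explicit_value "$cfg" PermitRootLogin)"
    set_option "$cfg" PermitRootLogin no
    printf 'after:  %s\n' "$(explicit_value "$cfg" PermitRootLogin)"
    rm -f "$cfg" "$cfg.orig"
}
demo
# On the real file, run `sudo sshd -t` after editing and restart ssh only if
# it prints nothing; keep your current session open until a new login works.
```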