Ubuntu SSH: How To Enable Secure Shell in Ubuntu

SSH (Secure SHell) is possibly the best way to remotely access a Unix system – it's very secure thanks to automatic encryption of all the traffic, and it's also quite universal because you can do all sorts of things: access remote command line shell, forward graphics session output, establish network tunnels, set up port redirections and even transfer files over the encrypted session.

Today I'm going to show you how to get started with SSH in Ubuntu.

Installing SSH server in Ubuntu

By default, your (desktop) system will have no SSH service enabled, which means you won't be able to connect to it remotely using SSH protocol (TCP port 22). This makes installing SSH server one of the first post-install steps on your brand new Ubuntu.

The most common SSH implementation is OpenSSH. Although there are alternative implementations (closed source solutions and binary distributions maintained by various Unix and Unix-like OS vendors), OpenSSH is a de-facto standard in the secure transfers and connections industry. That's exactly what you want to install.

Log in with your standard username and password, and run the following command to install openssh-server.

You should be using the same username that you specified when installing Ubuntu, as it will be the only account with sudo privileges to run commands as root:

ubuntu$ sudo apt-get install openssh-server
[sudo] password for greys:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  rssh molly-guard openssh-blacklist openssh-blacklist-extra
The following NEW packages will be installed:
  openssh-server0 upgraded, 1 newly installed, 0 to remove and 75 not upgraded.
Need to get 285kB of archives.
After this operation, 782kB of additional disk space will be used.
Get:1 http://ie.archive.ubuntu.com jaunty/main openssh-server 1:5.1p1-5ubuntu1 [285kB]
Fetched 285kB in 0s (345kB/s)
Preconfiguring packages ...
Selecting previously deselected package openssh-server.
(Reading database ... 101998 files and directories currently installed.)
Unpacking openssh-server (from .../openssh-server_1%3a5.1p1-5ubuntu1_i386.deb) ...
Processing triggers for ufw ...
Processing triggers for man-db ...
Setting up openssh-server (1:5.1p1-5ubuntu1) ...
Creating SSH2 RSA key; this may take some time ...
Creating SSH2 DSA key; this may take some time ... 
* Restarting OpenBSD Secure Shell server sshd                           [ OK ]

Public and Private keys in SSH

As you can see in the sample output above, the installation procedure created 2 sets of keys – SSH2 RSA keypair and SSH2 DSA keypair. The reason for this is that OpenSSH relies heavily on the public and private key (PPK) infrastructure.

The concept behind PPK is pretty cool: SSH allows you to create keypairs. They are generated to the maximum randomness achievable on your system. Keypairs can be created for your server or for your individual uses.

The idea is that public keys are shared with other servers, and they later can be used as a unique identificator to confirm your true identity. When you're connecting to another server, it uses your public key to encrypt a short message and the secure session will only be established if on your side you have a private key that allows decrypting the message. No other system or user can decrypt the message because only you would have the private key. That's why it's called private – don't ever share it with anyone.

As an additional security measure, when you're generating personal keypairs you'll be asked to supply a passphrase so that even if someone steals your private password they won't be able to use it without knowing your passphrase.

Verifying your SSH server works

While you're still on your local desktop session, you can use the ps command to confirm that SSH daemon (sshd) is running:

ubuntu$ ps -aef | grep sshd
root     24114     1  0 15:18 ?        00:00:00 /usr/sbin/sshd

Now that you see it's there, it's time to try connecting:

ubuntu$ ssh localhost

Since this is the first time you're trying to connect using SSH, you'll have to answer yes to the following question:

The authenticity of host 'localhost (::1)' can't be established.RSA key fingerprint is 18:4d:96:b3:0d:25:00:c8:a1:a3:84:5c:9f:1c:0d:a5.Are you sure you want to continue connecting (yes/no)? yes

… you'll then be prompted for your own password (remember, the system treats such connection request as if you were connecting remotely, so it can't trust you without confirming your password):

Warning: Permanently added 'localhost' (RSA) to the list of known hosts.greys@localhost's password:

.. and finally you'll see the usual Ubuntu (Jaunty in this example) banner and prompt:

Linux ubuntu 2.6.28-11-generic #42-Ubuntu SMP Fri Apr 17 01:57:59 UTC 2009 i686

The programs included with the Ubuntu system are free software;the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law.

To access official Ubuntu documentation, please visit:http://help.ubuntu.com

Last login: Fri May 15 15:18:34 2009 from ubuntu

ubuntu$

That's it, providing you have your networking configured and you know your IP address or hostname, you can start connecting to your Ubuntu box from remote systems, using the same command. Enjoy!

Recommended books:

See also:

Share and Enjoy

  • Facebook
  • Twitter
  • Delicious
  • LinkedIn
  • StumbleUpon
  • Add to favorites
  • Email
  • RSS
  • zidar

    something as simple as this has been giving me problmes …

    so thanks for this tutorial .. works like a charm

  • Mike

    Thanks for the simple help. Do you have any help on how to customize SSH, such as changing the port number (security), granting user access, limiting where users can navigate when connected to shh, etc…

    Thanks!

  • http://mindlessblathering.wordpress.com Becker

    Maybe you could add a small paragraph at the end of this tutorial (which was just what I needed btw) to remind users of the increased need for strong secure passwords now they have a port open to the internet

  • spad

    What is the benefit of studying the UNIX systems? I understand most of the jobs offered today require most knowledge of this criteria, but I wish there were better reasons to use this system other than for security and networking.

  • Jonathan

    I was struggling with the Ubuntu as it was different from my previous experiences.
    it just worked – thanks

  • http://users.telenet.be/danny.uytersprot1/ Danny Uytersprot

    Excellent tutorial!
    Thanks!

  • http://none kyle

    i was just to figure out the ssh connection and this helped!
    Thanks man!

  • Pingback: Trying to set up a terminal on Android to connect to Ubuntu Server.()

  • chad

    excellent instructions! worked like a charm!

  • bladerunner

    most serious servers around are one form of unix or linux and the number is growing quickly because of rock solid performance and reliability.

  • eyal

    HEy Dude how do i connect to it

  • Wagner

    Very simple help!!! Excellent instructions!!!

  • Pingback: SSH | wonderland()

  • Pingback: Passwordless SSH with encrypted homedir in Ubuntu | Unix Tutorial()

  • Mersan

    Thanks!

  • zazuzi

    Simply: because other systems are piece of crap and are not designed for professional work (see as an example software from M$)