Simple Ubuntu Server: Part 3 – Setting up SSH

Welcome to Part 3 of the Simple Ubuntu Server series. Here we will set up SSH access to the machine for remote administration. If you followed Parts 1 and 2, you have a server running and may or may not have the OpenSSH server installed on it. No worries! Even if you are using another distro (a Debian-based one that uses apt as its package manager), you can follow these instructions to set up your SSH server.

First, update your repository lists.

sudo apt-get update

You should already have the packages needed to make outgoing SSH connections, but in case you don’t for whatever reason or want to be sure, run:

sudo apt-get install openssh-client

Then install the SSH server package, which allows you to accept incoming connections:

sudo apt-get install openssh-server

At this point you are pretty much done.

To connect to your machine from a remote machine use the following command (replace seawolf167 with your username and the IP address with the IP address of your box).

ssh -l seawolf167 192.168.1.108

If you don’t know the IP address of your machine, you can find it by typing the command:

ifconfig

Then find the line that says inet addr. In my case, since the machine is on an ethernet connection (well, really a bridged network adapter within VirtualBox), it is under the eth0 heading. If you have a card with multiple ethernet ports or are using a wireless connection, it could be under eth1, wlan0, wlan1, etc.

ifconfig output

The first time you connect, you will see a message similar to the following, which is normal during the initial connection because you are connecting to a new machine.

SSH connection warning

There are a number of other things you can do, like setting up RSA keys to log in without passwords, but I’m just going to touch on the basics here. Before you make any changes to your configuration file, you should back it up.

sudo cp -v /etc/ssh/sshd_config{,.orig}

Note that the command above is the same as typing:

sudo cp -v /etc/ssh/sshd_config /etc/ssh/sshd_config.orig

SSH operates on port 22 by default, and the easiest way to add a little protection for a computer facing the internet is to change the operating port. (Another thing I plan on covering in the future is adding iptables rules to prevent brute force attacks against your SSH server.) To change the port, open the SSH configuration file for editing with your favorite editor (nano, vi, emacs, whatever):

sudo vi /etc/ssh/sshd_config

And change the port to a new number (I use 1234 in this post; you’ll have to remember this new port when you SSH into your machine in the future).

SSH port change

Save and exit the file. Then restart the SSH service so the new configuration takes effect.

sudo service ssh restart
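The same port change done non-interactively, as an added example that is not part of the original post. The function name set_sshd_port is hypothetical; the function edits whichever sshd_config-style file you pass it, keeps the .orig backup described above, and rejects values that are not valid port numbers.

```shell
#!/bin/sh
# Added example (not from the original post): set a single Port directive in
# an sshd_config-style file. The function name is hypothetical.
# Returns 0 on success, 1 for an invalid port, 2 if the file is missing.
set_sshd_port() {
    cfg=$1
    port=$2
    [ -f "$cfg" ] || return 2

    # Accept only plain decimal numbers in the range 1-65535 (no leading zero).
    case $port in
        '' | 0* | *[!0-9]* | ??????*) return 1 ;;
    esac
    [ "$port" -le 65535 ] || return 1

    # Keep the pristine copy the post recommends; never overwrite an existing one.
    [ -e "$cfg.orig" ] || cp -p "$cfg" "$cfg.orig" || return 3

    tmp=$(mktemp) || return 3
    # Replace the first Port line (active or commented out) and drop any others.
    # If there is none, put the directive on the first line so it stays ahead
    # of any Match block, where Port is not allowed.
    awk -v p="$port" -v re='^[ \t]*#?[ \t]*Port[ \t]+[0-9]+[ \t]*$' '
        $0 ~ re { if (!at) at = NR; next }
        { keep[NR] = $0 }
        END {
            if (!at) print "Port " p
            for (i = 1; i <= NR; i++) {
                if (i == at) print "Port " p
                else if (i in keep) print keep[i]
            }
        }
    ' "$cfg" > "$tmp" && cat "$tmp" > "$cfg"   # cat keeps owner and mode of $cfg
    rc=$?
    rm -f "$tmp"
    return $rc
}
```

Run it as root against /etc/ssh/sshd_config, then check the result with sudo sshd -t before restarting the service. A config that fails that check can leave the daemon unable to start, and you locked out of a remote box.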

If you want to be lazy (RSA keys are a good way to be lazy and secure, I plan on touching on those in a different post), you can add hosts/hostnames/usernames to the config file on the computer you plan on doing your remote administration from so you don’t have to type all that information every single time. Again, fire up your editor to edit the config file.

vi ~/.ssh/config

This will create the file, since at the moment it (probably) doesn’t exist. Then add the following three lines (or at least the top line, Host). Make sure you replace each value with the correct details for your machine (note that the Host can be anything you want; it doesn’t have to match the remote machine name).

Host myubuntuserver
    Hostname 192.168.1.108
    User seawolf167

Now, in order to connect to your machine, all you have to do is type the following line, enter your password when prompted, and you’re in.

ssh myubuntuserver
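A scripted version of the client entry, as an added example that is not part of the original post. It also writes a Port line, which the alias needs once the server no longer listens on 22. The function name add_ssh_host is hypothetical, and the values in the last comment are the ones used in this post.

```shell
#!/bin/sh
# Added example (not from the original post); add_ssh_host is a hypothetical name.
# Usage: add_ssh_host ALIAS HOSTNAME USER PORT [CONFIG_FILE]
# Returns 0 when the entry was added, 1 if ALIAS already exists, 2 on I/O errors.
add_ssh_host() {
    name=$1 host=$2 user=$3 port=$4
    cfg=${5:-$HOME/.ssh/config}
    dir=$(dirname "$cfg")

    # ssh refuses a config file that group or others can write to.
    [ -d "$dir" ] || mkdir -p -m 700 "$dir" || return 2
    touch "$cfg" && chmod 600 "$cfg" || return 2

    # ssh uses the first value it finds for each option, so a second stanza
    # for the same alias would be silently ignored. Refuse to add one.
    if awk -v a="$name" '
        tolower($1) == "host" { for (i = 2; i <= NF; i++) if ($i == a) found = 1 }
        END { exit !found }
    ' "$cfg"; then
        return 1
    fi

    printf '\nHost %s\n    Hostname %s\n    User %s\n    Port %s\n' \
        "$name" "$host" "$user" "$port" >> "$cfg"
}

# Values from the post: alias, LAN address, username, and the changed port.
# add_ssh_host myubuntuserver 192.168.1.108 seawolf167 1234
```

Afterwards, ssh -G myubuntuserver prints the hostname, user and port that ssh will actually use for the alias, without opening a connection.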

As a side note, if you want to SSH into your box from outside your LAN, you will need the WAN IP address coming into your house/office. One way to find this is by going to:

http://checkip.dyndns.org/

Keep in mind that with most residential (and smaller commercial) connections, you will be on a dynamic IP address that changes with every retrain/power cycle of your gateway. You can pay for a static IP, or you can use a service like NoIP to keep a DNS record updated with your current IP.

In order for the connection to go through, you will need to pass your SSH port (you remember what you changed it to earlier, right?) through your router/gateway to your local machine. Simply open your web browser, type in the address of your gateway (e.g. http://192.168.1.1), log in, find the port forwarding page, and forward port 22 (or whatever port you changed it to) to your machine’s IP (in my case, IP address 192.168.1.108 and port 1234 from above). Now you can SSH into your machine from outside your house/office.
