Secure Shell (SSH) is a network protocol used for secure connections between clients and servers. Every interaction between server and client is encrypted.
This tutorial explains how to enable SSH on an Ubuntu machine.
Activating SSH will allow you to connect to your system remotely and perform administrative tasks. You can also transfer files safely via scp and sftp.
Turn on SSH on Ubuntu
By default, when Ubuntu was first installed, remote access via SSH was not permitted. Enabling SSH on Ubuntu is quite easy.
Perform the following steps as root or as a user with sudo rights to install and activate SSH on your Ubuntu system:
1. Open the terminal with Ctrl + Alt + T and install the openssh-server package:
sudo apt update
sudo apt install openssh-server
When prompted, enter your password and press Enter to continue the installation.
2. After installation is complete, SSH service will start automatically. You can verify that SSH is running by typing:
sudo systemctl status ssh
The output will tell you that the service is running and is activated to start on system boot:
ssh.service - OpenBSD Secure Shell server Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2020-06-01 12:34:00 CEST; 9h ago ...
Press q to return to the command line prompt.
3. Ubuntu is shipped with a firewall configuration tool called UFW. If a firewall is enabled on your system, be sure to open the SSH port:
sudo ufw allow ssh
There she is! You can now connect to your Ubuntu system via SSH from any remote machine. Linux and macOS systems have SSH clients installed by default. To connect from a Windows machine, use an SSH client such as Putty.
Connect to the SSH Server
To connect to your Ubuntu machine via LAN activate the ssh command followed by the user name and IP address in the following format:
Make sure you change your username with the current username and ip_address with the IP address of the Ubuntu machine where you installed SSH.
If you don’t know your IP address, you can easily find it using the ip command:
As you can see from the output, the system IP address is 10.0.2.15.
After you find the IP address, enter the remote machine by running the following ssh command:
When you first connect, you will see a message like this:
The authenticity of host '10.0.2.15 (10.0.2.15)' can't be established. ECDSA key fingerprint is SHA256:Vybt22mVXuNuB5unE++yowF7lgA/9/2bLSiO3qmYWBY. Are you sure you want to continue connecting (yes/no)?
Type yes and you will be asked to enter a password.
Warning: Permanently added '10.0.2.15' (ECDSA) to the list of known hosts. firstname.lastname@example.org's password:
After you enter your password, you will be greeted with the default Ubuntu message:
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-26-generic x86_64) * Documentation: https://help.ubuntu.com * Management: https://landscape.canonical.com * Support: https://ubuntu.com/advantage ...
You are now logged into your Ubuntu machine.
Connecting to SSH behind NAT
To connect to your home Ubuntu machine via the Internet, you need to know your public IP address and configure your router to receive data on port 22 and send it to the Ubuntu system where SSH is running.
To determine the public IP address of the machine you are trying to SSH, simply visit the following URL: https://api.ipify.org.
When setting port forwarding, each router has a different way to set port forwarding. You should consult with your router’s documentation on how to set up port forwarding. In short, you must enter the port number where the request will be made (the default SSH port is 22) and the private IP address that you found earlier (using the ip a command) of the machine where SSH is running.
After you find the IP address, and configure your router, you can enter it by typing:
If you expose your machine to the Internet, it’s a good idea to implement some security measures. The most basic is to configure your router to receive SSH traffic on non-standard ports and to forward it to port 22 on machines running SSH services.
You can also set SSH key-based authentication and connect to your Ubuntu machine without entering a password.
Disabling SSH on Ubuntu
To disable the SSH server on your Ubuntu system, simply stop the SSH service by running:
sudo systemctl disable --now ssh
Then, to reactivate it, type:
sudo systemctl enable --now ssh
We have shown you how to install and activate SSH on your Ubuntu 20.04. You can now enter your machine and perform sysadmin tasks every day through the command prompt.
If you manage multiple systems, you can simplify your workflow by defining all your connections in the SSH configuration file. Changing the default SSH port adds an additional layer of security to your system, reducing the risk of automatic attacks.
If you have questions, please leave a comment below.