Friday, 15 August 2008

How to install an SSH server on your Ubuntu box

One of the nicer features of Linux is the ability to use Secure Shell (SSH) for encrypted remote access. Using SSH, you can control a remote computer without having physical access to the machine. The traffic generated by SSH is encrypted, and assuming you configure SSH correctly, quite secure as well. Here’s how to install the OpenSSH Server software with a basic security configuration on Ubuntu 8.04 Hardy Heron. (Bear in mind, of course, that you follow all advice at your own risk.)

First, open up a Terminal window, and use apt-get to download and install OpenSSH Server:

sudo apt-get install openssh-server

This will take a few moments, depending upon the speed of your computer and your Internet connection. Once the installation is finished, you’ll return to the Terminal. We’ll need to make a few changes to your sshd_config file in order to increase SSH’s security. (Note that it is always best practice to make a backup copy of a configuration file before editing it.) To edit your your sshd_config file, use the following command:

sudo gedit /etc/ssh/sshd_config

(Note that you can use your editor of choice instead; vi or emacs or whatever.)

Once you’re editing the file, we’ll need to change the following directives:

PermitRootLogin no

Never, ever give root access to SSH unless you have an extremely good reason for doing so. If an attacker happens to discern your root password, he or she will have total remote control over your system. By denying root login permission through SSH, you can provide an effective block to that danger.

The Port directive also specifies which TCP/IP port the SSH daemon uses to listen for SSH requests. The default port is 22, and you may want to change that, especially if your machine is accesible on the Internet. Many malware bots use port 22 for default SSH attack attempts, and by changing your port number you can stop at least some of the automated cracking attempts.

You may also want to change the AllowUsers directive, which specifies which users can access SSH. This can provide an additional layer of security by granting SSH access only to a few users. For instance, to restrict access to only the users joetest and billtest:

AllowUsers joetest billtest

Once you’ve finished changing your settings, save your changes to the sshd_config file, and restart the SSH daemon:

sudo /etc/init.d/ssh restart

You should now be able to SSH into your Ubuntu machine. You can do so from the Terminal on a Mac or another Linux machine, or by using Putty on a Windows machine.

No comments: