Before we proceed with how to install and enable OpenSSH on Ubuntu 17.04 and Ubuntu 16.04, we first need to understand what OpenSSH (a fork of free SSH) is.
OpenSSH (also known as OpenBSD Secure Shell) is a connectivity tool for remote login via the SSH protocol. It encrypts all network traffic between client and server through a secured tunnel, which protects against eavesdropping, connection hijacking, and other attacks, and it supports multiple authentication methods.
The OpenSSH suite consists of the following tools:
- Remote operations are done using ssh, scp, and sftp.
- Key management with ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
- The service side consists of sshd, sftp-server, and ssh-agent.
OpenSSH Key Features
- Offers strong cryptography (AES, ChaCha20, RSA, ECDSA, Ed25519…)
- Supports X11 forwarding (which also encrypts X Window System traffic)
- Port forwarding (encrypted channels for legacy protocols)
- Strong authentication (public keys, one-time passwords)
- Agent forwarding
- Interoperability
- SFTP client and server support in both SSH1 and SSH2 protocols
- Optional data compression
- See list for full details
The most recent release is OpenSSH 7.5, which is mainly a bugfix release.
Install OpenSSH on Ubuntu 17.04, Ubuntu 16.04
Now let's proceed with how to install and enable OpenSSH.
How to enable root password
- First, make sure the root password is enabled, if not already done, by running the following command:
sudo passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
Install OpenSSH on Ubuntu
- Next, install the OpenSSH server and client on Ubuntu by running the following commands in a terminal:
su -  # enter your root password
sudo apt-get install openssh-server openssh-client
- Now start and enable the SSH service by running the following commands:
systemctl start sshd
systemctl enable ssh.service
- The last step is to open the SSH port in the firewall:
ufw allow ssh
ufw reload
Configure OpenSSH Server
- To configure OpenSSH, you need to edit the file “sshd_config” located in “/etc/ssh”
sudo gedit /etc/ssh/sshd_config
- There are quite a few config settings in there, but for the purpose of this tutorial we will enable the following settings for a basic setup:
# Comments go on their own lines: older sshd versions reject text after a directive's value
# Port that sshd listens on
Port 22
# sshd listens on IPv4, IPv6, or both
AddressFamily any
# Listen on all local IPv4 addresses
ListenAddress 0.0.0.0
# For security, always set this to no
PermitRootLogin no
# Limits the number of authentication attempts allowed per connection, which slows password guessing
MaxAuthTries 6
# Maximum number of open sessions per network connection
MaxSessions 10
# "no" enforces key-based login; "yes" allows password login
PasswordAuthentication yes
- Save the changes and reload sshd for them to take effect:
systemctl reload sshd
Test run OpenSSH setup
- To test that this works as expected, we will enable SSH root access temporarily, but in a production setup, DO NOT enable it.
- Edit the file “sshd_config” located in “/etc/ssh” and change “PermitRootLogin without-password” to “PermitRootLogin yes”
- Restart the SSH server
sudo service ssh restart
or
systemctl reload sshd
- Run the command to connect to it
ssh root@localhost
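To confirm that the temporary root-login change from the test run was reverted, the check below reads an sshd_config-style file and reports the settings this tutorial edits. It is an added example, not part of the original tutorial; the function names `sshd_value` and `audit_sshd_config` and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are made up here.

# Print the value sshd would take for KEYWORD from FILE (lowercased).
# sshd matches keywords case-insensitively and keeps the FIRST value it reads,
# so a later "PermitRootLogin no" does not override an earlier "yes".
# Simplifications: stops at the first Match block and does not follow Include.
sshd_value() {  # usage: sshd_value FILE KEYWORD
    awk -v key="$2" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/                { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# Report the settings edited in this tutorial; return 1 if root login is open.
# "unset" means the file does not set the keyword and sshd's default applies.
audit_sshd_config() {  # usage: audit_sshd_config FILE
    root=$(sshd_value "$1" PermitRootLogin)
    pass=$(sshd_value "$1" PasswordAuthentication)
    tries=$(sshd_value "$1" MaxAuthTries)
    echo "PermitRootLogin=${root:-unset} PasswordAuthentication=${pass:-unset} MaxAuthTries=${tries:-unset}"
    if [ "$root" = "yes" ]; then
        echo "FAIL: root login is enabled; set PermitRootLogin no and reload sshd"
        return 1
    fi
    echo "OK: no 'PermitRootLogin yes' in effect in this file"
}

# Constructed sample: the test-run edit was added above the original line
# instead of replacing it, so the "yes" still wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
PermitRootLogin no
MaxAuthTries 6
PasswordAuthentication yes
EOF
if ! audit_sshd_config "$sample"; then
    echo "audit failed for $sample"
fi
rm -f "$sample"
```

On a live host, `sudo sshd -t` checks the file for syntax errors before a reload, and `sudo sshd -T` prints the configuration the daemon actually resolves, including defaults.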