Configuring SSH Access on Ubuntu


Installing openssh-server

Usually, this package is already installed by default when you install Ubuntu Server 22.04. First, make sure it is not already available in your environment. If it is not installed, these are the commands to install it:

sudo apt update
sudo apt install openssh-server

Configuring Access

Once we have openssh-server installed, we will proceed with configuring access. By default, you can access the server using ssh username@server-address. Let’s assume that during the installation of our server, we decided to use the username aldrass and defined that the IP of our server would be 192.168.128.2, or this is simply the IP assigned by our DHCP. With this information, you would access your server via SSH like this:

ssh aldrass@192.168.128.2

You would specify the password you set for the user aldrass during the Ubuntu server installation process, and congratulations, you are now connected to your server. You will now be able to perform the same operations as if you were physically working on it.

But wait a moment, do I have to specify the IP 192.168.128.2 every time I want to access the server? And even more, why would I have to type the password for the user aldrass every time I connect? No, of course not. Everything is designed to make our lives easier.

Let’s start by avoiding the need to type 192.168.128.2 every time you want to access via SSH. First, let’s define a name for this server; I’ll call it ironforge in honor of the city of dwarves and gnomes from the game World of Warcraft. With a name defined, we then need to tell our local machine to translate this name to 192.168.128.2 whenever we try to access ironforge. How do we do this? If you use Mac or any Linux distribution, open the file located at /etc/hosts with administrative privileges (i.e., using sudo) in your preferred text editor.

sudo nano /etc/hosts

Add the following line to the end of the file and then save it:

192.168.128.2 ironforge

Now let’s verify that what we just did had an effect. Try connecting via SSH using the following command:

ssh aldrass@ironforge

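The first time you connect under this name, you might be asked to confirm that you really want to proceed with the connection. The message shows the fingerprint of the server's host key and ends with a prompt like this: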

Are you sure you want to continue connecting (yes/no/[fingerprint])?

Simply type yes and press Enter, and voilà, you can access the server without having to remember its IP address. Just use the name you assigned, and you’ll be able to reach it. Now, let’s save even more effort by eliminating the need to specify the username and password on each access attempt, in my case, the user aldrass. How do we do this?

Accessing with Keys

On our local machine, we will generate a pair of public and private keys if we haven’t already done so, which we will use for access. Simply execute the following command and follow the instructions as described below.

ssh-keygen

First, it will ask if you want to create your key with the name id_rsa and located in the directory /var/root/.ssh (in my case because I’m using root). If you agree, simply press Enter or specify a valid path and filename.

Enter file in which to save the key (/var/root/.ssh/id_rsa):

Next, it will give you the option to specify a passphrase or password, which encrypts the private key on disk. You can either press Enter if you are not interested in setting a passphrase, or you can type the passphrase you wish to use.

Enter passphrase (empty for no passphrase):

Confirm your choice in the next step:

Enter same passphrase again:

And bingo, a public and a private key are generated in your SSH directory.

Your identification has been saved in /var/root/.ssh/id_rsa
Your public key has been saved in /var/root/.ssh/id_rsa.pub
The key fingerprint is:
SHA256:H894uwSSW9ZwN51iIrnrSUXVNfTFkFQbkVecu03LkX8 root@Dhampir.local
The key's randomart image is:
+---[RSA 3072]----+
|             o=@@|
|          . . .=@|
|         o.o.ooo*|
|         .++o..=.|
|        S.=.. ..*|
|         *o*   +E|
|        .oo =   .|
|        o .o .   |
|         o  o.   |
+----[SHA256]-----+

With our keys available and ready to use, let’s move to the next step. We will create a file named config in our SSH directory.

nano ~/.ssh/config

Specify the following text in the file:

Host ironforge
    HostName 192.168.128.2
    User aldrass
    IdentityFile ~/.ssh/id_rsa

What have we just done here? Simply put, we are specifying that we have a host named ironforge identified by the IP 192.168.128.2, that aldrass is the user we will access it with, and lastly, that the private key ~/.ssh/id_rsa should be used for each attempt.

Now that we have the config file defined, we will transfer the generated public key to the Ubuntu server using the following command:

ssh-copy-id -i ~/.ssh/id_rsa.pub aldrass@ironforge

After completing this step, we only need to configure the SSH server on our Ubuntu server to disallow connections with a username and password, so that from now on, access is only possible with the private key previously specified. How do we do this? Simply log in to the Ubuntu server.

ssh aldrass@ironforge

Once inside, open the SSH configuration file with administrative privileges:

sudo nano /etc/ssh/sshd_config

Ensure that the following options are set to no and that they are uncommented (without the # symbol at the beginning of the line):

PasswordAuthentication no
PermitEmptyPasswords no

Save the changes and proceed to restart the SSH service:

sudo service ssh restart
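
Added example (not part of the original post): on Ubuntu 22.04 the stock sshd_config includes /etc/ssh/sshd_config.d/*.conf near the top and sshd keeps the first value it obtains for each keyword, so a drop-in file can override the two lines edited above. The script below checks the effective values as printed by sshd -T; the function name audit_sshd_dump and the sample dumps are constructed for this illustration.

```shell
#!/bin/sh
# Added example: audit the effective sshd settings printed by `sshd -T`
# (one "keyword value" pair per line, keywords in lower case).

# audit_sshd_dump 'keyword value'...
# Reads an `sshd -T` dump on stdin, prints one result line per expected pair,
# and returns the number of keywords that are missing or set differently.
audit_sshd_dump() {
    dump=$(cat)
    failures=0
    for want in "$@"; do
        key=${want%% *}
        expected=${want#* }
        # Value of the first line whose first field is the keyword.
        actual=$(printf '%s\n' "$dump" | awk -v k="$key" \
            'tolower($1) == k { $1 = ""; sub(/^ +/, ""); print; exit }')
        if [ -z "$actual" ]; then
            echo "MISSING $key (expected '$expected')"
            failures=$((failures + 1))
        elif [ "$actual" = "$expected" ]; then
            echo "OK      $key $actual"
        else
            echo "FAIL    $key is '$actual', expected '$expected'"
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Constructed sample: a drop-in file has re-enabled passwords, so the
# effective value differs from what was written in sshd_config.
SAMPLE_OVERRIDDEN='port 22
passwordauthentication yes
permitemptypasswords no
pubkeyauthentication yes'

# Constructed sample: the state this post aims for.
SAMPLE_HARDENED='port 22
passwordauthentication no
permitemptypasswords no
pubkeyauthentication yes'

# Demo on the constructed samples. On the server itself, run instead:
#   sudo sshd -T | audit_sshd_dump 'passwordauthentication no' 'permitemptypasswords no'
for sample in "$SAMPLE_OVERRIDDEN" "$SAMPLE_HARDENED"; do
    printf '%s\n' "$sample" |
        audit_sshd_dump 'passwordauthentication no' 'permitemptypasswords no' ||
        echo "=> $? setting(s) differ from the expected values"
done
```

Run the check in the session that is still open, so that a failed result can be corrected before logging out.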

Close the connection, i.e., log out of the server, and then try to reconnect using:

ssh aldrass@ironforge

Surprise, you might encounter an error message like the following:

ironforge@192.168.128.2: Permission denied (publickey).

You are no longer able to access using a username and password. However, if you try this alternative:

ssh ironforge

Bingo, you’ll be able to access, and thus public/private key access is configured. Not only is it more convenient, but it is also much more secure. While with the previous option anyone who knew the access credentials could get in, now it requires possession of the private key. It goes without saying not to share it. There are many other security measures to protect our server, which will be addressed in future posts.

I hope this post has been useful to you; if so, you will have achieved your goal.

Yuniel Alvarez
