Simon Lehmann

Web/mobile app developer from Perth, Western Australia

Installing and Configuring OpenSSH on Ubuntu Server

09 Jul 2017

OpenSSH is a freely available implementation of the Secure Shell (SSH) protocol family of tools for remotely controlling computers or transferring files between them.

This guide will cover the installation and setup of OpenSSH on Ubuntu Server 16.04 LTS.

It is recommended to update packages before beginning.

$ sudo apt update
$ sudo apt upgrade

Installing OpenSSH

Install the OpenSSH client.

$ sudo apt install openssh-client

Install the OpenSSH server.

$ sudo apt install openssh-server

Configuring OpenSSH

Copy the /etc/ssh/sshd_config file and protect it from writing with the following commands, issued at a terminal prompt:

$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
$ sudo chmod a-w /etc/ssh/sshd_config.original

This creates a backup of the original configuration for future reference.

Open the /etc/ssh/sshd_config file in the editor of your preference.

$ sudo nano /etc/ssh/sshd_config

To configure OpenSSH to listen on a TCP port other than the default (TCP port 22), change the Port directive:

Port 2222

To have sshd allow public key-based login credentials, simply add or modify the line:

PubkeyAuthentication yes

If the line is already present, then ensure it is not commented out.

To disallow login by the root user over SSH, change the PermitRootLogin directive:

PermitRootLogin no

To make your OpenSSH server display the contents of the /etc/issue.net file as a pre-login banner, simply add or modify the line:

Banner /etc/issue.net

Save the file and exit the editor.

After saving your changes to the /etc/ssh/sshd_config file, restart the sshd server application so that they take effect, using the following command at a terminal prompt:

$ sudo systemctl restart sshd.service
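
As an added example (not part of the original guide), the script below checks that the four directives edited above are the ones sshd will actually use: it skips commented-out lines, matches keywords case-insensitively, and takes the first occurrence of a keyword. The function names and the sample file are constructed for illustration, and it assumes the whitespace-separated "Keyword value" form.

```shell
#!/bin/sh
# Added example, not from the original guide.

# Print the value sshd would use for keyword $2 in file $1 (global section).
# Keywords are case-insensitive, '#' lines are comments, and for most keywords
# the first occurrence wins, so a later duplicate is ignored. (Port is an
# exception: repeated Port lines add listeners; only the first is shown here.)
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                # comment or blank line
        tolower($1) == "match" { exit }        # stop before conditional blocks
        tolower($1) == key { print $2; exit }  # first occurrence wins
    ' "$1"
}

# Check file $1 against the four values used in this guide.
# Prints one line per directive and returns 1 if any of them differs.
audit_sshd_config() {
    rc=0
    while read -r key want; do
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK    $key $got"
        else
            echo "FAIL  $key: found '${got:-unset}', expected '$want'"
            rc=1
        fi
    done <<EOF
Port 2222
PubkeyAuthentication yes
PermitRootLogin no
Banner /etc/issue.net
EOF
    return "$rc"
}

# Constructed sample file: Banner is still commented out, and a second
# PermitRootLogin line follows the first.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
pubkeyauthentication yes
PermitRootLogin no
PermitRootLogin yes
#Banner /etc/issue.net
EOF
audit_sshd_config "$sample" || echo "sample config does not match the guide"
```

On the server itself, running "sudo sshd -t" before the restart checks /etc/ssh/sshd_config for syntax errors. Keep the current session open until a new login on the changed port succeeds, so that a mistake does not lock you out.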

Check the contents of the /etc/issue.net file.

$ sudo nano /etc/issue.net

You may want to insert something like this instead:

***************************************************************************
                            NOTICE TO USERS


This computer system is the private property of its owner, whether
individual, corporate or government.  It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.

Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.

By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials.  Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to
use this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.

****************************************************************************