By 佐川 直弘 | Naohiro Sagawa (運営者)

※記事内に広告を含みます。Amazonアソシエイトとして適格販売により収入を得ています。　

Guide to SSH Configuration and Security Hardening on Ubuntu

1. What is SSH? How to Use It on Ubuntu

SSH (Secure Shell) is a protocol used to securely connect to and operate a remote server. In Linux-based systems like Ubuntu, SSH is an essential command-line management tool. By using SSH, communication with the server is encrypted, preventing unauthorized access and eavesdropping by third parties.

Related Link: What is SSH? Official Ubuntu Documentation

2. How to Install SSH on Ubuntu

To use SSH, follow these steps to install the SSH server on Ubuntu.

1. Update the package list:

   sudo apt update

2. Install OpenSSH Server:

   sudo apt install openssh-server

3. Start the service and check its status:

   sudo systemctl status ssh

Note: You can find more details about OpenSSH on the Ubuntu official page.

3. Checking SSH Service Status and Enabling It at System Startup

Verify that SSH is running properly and configure it to start automatically when the system boots.

1. Check the service status:

   sudo systemctl status ssh

2. Enable SSH to start automatically at boot:

   sudo systemctl enable ssh

4. How to Allow SSH Through the Firewall

Use Ubuntu’s default firewall, UFW (Uncomplicated Firewall), to allow SSH access.

1. Allow SSH connections through the firewall:

   sudo ufw allow ssh

2. Check the status of UFW:

   sudo ufw status

5. How to Connect to an Ubuntu SSH Server

Follow these steps to connect to your Ubuntu server via SSH remotely.

1. Check the IP address:

   ip a

2. Connect using SSH:

   ssh username@ip_address

If a security warning appears on the first connection, type yes and then enter your password to proceed.

Tip: Windows users can use PuTTY as an SSH client.

6. Advanced SSH Settings (Changing Ports, Disabling Root Login)

Enhance SSH security by modifying default settings.

1. Change the default SSH port:
   Changing the default port (22) reduces the risk of brute-force attacks.

   sudo nano /etc/ssh/sshd_config
   #Port 22 → Change to a preferred number

2. Disable root login:
   For security reasons, it is recommended to disable root login.

   PermitRootLogin no

After making changes, restart the SSH service.

sudo systemctl restart ssh

7. Best Practices for Securing Your SSH Server

Follow these best practices to enhance SSH security.

1. Use SSH key authentication:
   Instead of password authentication, use public key authentication for enhanced security.
   Refer to the SSH Key Generation Guide to set up key pairs.
2. Restrict SSH access to specific users:
   Limit SSH access to specific users using the AllowUsers directive.
3. Use Fail2Ban to prevent brute-force attacks:
   Fail2Ban automatically blocks repeated failed login attempts.

   sudo apt install fail2ban

For configuration details, refer to the Fail2Ban documentation.

8. Common SSH Connection Troubleshooting

If you experience SSH connection issues, use the following checklist to troubleshoot.

• Firewall settings misconfiguration: Check if UFW or other firewalls are configured correctly.
• Verify IP address: Ensure you are using the correct IP address.
• Check SSH configuration file for errors: Review /etc/ssh/sshd_config for mistakes and restart SSH if needed.

Conclusion

This guide covered how to install and configure SSH on Ubuntu securely. Implement best practices to maintain a secure and efficient server environment. For more detailed information, refer to the Official Ubuntu SSH Configuration Guide.