How to Set Up an SSH Server on Ubuntu Linux
Create an SSH key on the local Ubuntu machine
ssh-keygen -t rsa -b 2048 -C "EasiestSoft.com"
mkdir -p ~/path-to-save-id_rsa
cp ~/.ssh/id_rsa ~/path-to-save-id_rsa/
Create a new SSH user on the server
$ ssh root@10.98.76.54
# reset root password
$ passwd
$ apt update
$ apt upgrade
$ adduser EasiestSoft
$ usermod -aG sudo EasiestSoft
$ getent group sudo
Configure SSH server settings
$ sudo vi /etc/ssh/sshd_config
Port 987
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 2048
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive no
ClientAliveInterval 300
ClientAliveCountMax 2
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
AllowUsers EasiestSoft
Set SSH key for new SSH user
EasiestSoft@ubuntu$ mkdir ~/.ssh
$ touch ~/.ssh/authorized_keys
# paste the public key (contents of ~/.ssh/id_rsa.pub from the local machine)
$ vi ~/.ssh/authorized_keys
$ chmod 400 ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh
$ sudo service ssh restart
Set up a basic firewall for SSH on Ubuntu
EasiestSoft@ubuntu:~$ cd /etc/ufw/applications.d/
$ cat openssh-server
[OpenSSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=22/tcp
$ sudo cp openssh-server myssh
$ sudo vi myssh
[mySSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=987/tcp
$ sudo ufw enable
$ sudo ufw app list
OpenSSH
mySSH
$ sudo ufw allow openSSH
$ sudo ufw allow mySSH
$ sudo ufw status verbose
To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
987/tcp (mySSH)            ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)
987/tcp (mySSH (v6))       ALLOW IN    Anywhere (v6)
Both the OpenSSH and mySSH rules are allowed for now; we will delete the OpenSSH rule later.
SSH client configuration (~/.ssh/config on the local machine)
Host EasiestSoft
    HostName 10.98.76.54
    User EasiestSoft
    Port 987
    IdentityFile path/to/rsa
    IdentitiesOnly yes
Test the new SSH server
Please note: do NOT close the current terminal. Open a new terminal window to test the new SSH configuration, because we need the existing session to change the settings if we are unable to log in using the RSA key.
ssh -i path_to_id_rsa -p 987 EasiestSoft@10.98.76.54
Or:
ssh EasiestSoft
Delete the OpenSSH rule
EasiestSoft@ubuntu:~$ sudo ufw delete allow openSSH
Disable password SSH login
EasiestSoft@ubuntu:~$ sudo vi /etc/ssh/sshd_config
PasswordAuthentication no
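An added example (not part of the original guide): sshd keeps the first value it reads for each keyword, so a PasswordAuthentication no line added below the earlier PasswordAuthentication yes has no effect. The script below checks a config file for the values this guide ends with; the function names are hypothetical, and it assumes a single file with no Include directives (on a live server, sudo sshd -T prints the effective settings).

```shell
#!/bin/sh
# Added example, not from the original guide. sshd uses the FIRST value it
# reads for each keyword, so appending "PasswordAuthentication no" below an
# existing "PasswordAuthentication yes" leaves password logins enabled.

# Print the first value given for keyword $2 in file $1 (global section only).
effective_value() {
    awk -v want="$2" '
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        tolower($1) == "match" { exit }      # Match blocks are conditional
        tolower($1) == tolower(want) {       # keywords are case-insensitive
            $1 = ""; sub(/^ +/, ""); print; exit
        }' "$1"
}

# Compare one keyword with the expected value; return 1 on mismatch.
check() {
    got=$(effective_value "$1" "$2")
    if [ "$got" = "$3" ]; then
        echo "ok    $2 $got"
    else
        echo "FAIL  $2 is '${got:-unset}', expected '$3'"
        return 1
    fi
}

# Audit file $1 against the values this guide ends with. Every keyword must
# be set explicitly; an unset keyword is reported as a failure.
audit_sshd_config() {
    fails=0
    check "$1" Port 987                  || fails=$((fails + 1))
    check "$1" PermitRootLogin no        || fails=$((fails + 1))
    check "$1" PubkeyAuthentication yes  || fails=$((fails + 1))
    check "$1" PermitEmptyPasswords no   || fails=$((fails + 1))
    check "$1" PasswordAuthentication no || fails=$((fails + 1))
    check "$1" AllowUsers EasiestSoft    || fails=$((fails + 1))
    [ "$fails" -eq 0 ]
}

# Constructed sample: the guide's settings with "no" appended, not edited in place.
sample=$(mktemp)
printf '%s\n' 'Port 987' 'PermitRootLogin no' 'PubkeyAuthentication yes' \
    'PermitEmptyPasswords no' 'PasswordAuthentication yes' \
    'AllowUsers EasiestSoft' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" || echo "=> fix the first occurrence, then re-run"
rm -f "$sample"
```

Run the audit against /etc/ssh/sshd_config after each edit and before restarting the ssh service, while the existing session is still open.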
©2012-2019 EasiestSoft