How to Set Up an SSH server on Linux Ubuntu

Create an SSH key on the local Ubuntu machine

ssh-keygen -t rsa -b 2048 -C "EasiestSoft.com"
# keep a copy of the private key in a directory owned by your own user
mkdir ~/path-to-save-id_rsa
cp ~/.ssh/id_rsa ~/path-to-save-id_rsa

Create new SSH user on Server

$ ssh root@10.98.76.54
# reset root password
$ passwd
$ apt update
$ apt upgrade
$ adduser EasiestSoft
$ usermod -aG sudo EasiestSoft
$ getent sudo

Configure SSH server settings

$ sudo vi /etc/ssh/sshd_config

Port 987
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 2048
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin no
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive no
ClientAliveInterval 300
ClientAliveCountMax 2
AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
AllowUsers EasiestSoft

Set SSH key for new SSH user

EasiestSoft@ubuntu$ mkdir ~/.ssh
$ touch ~/.ssh/authorized_keys
# paste the contents of the public key (id_rsa.pub) into this file
$ vi ~/.ssh/authorized_keys
$ chmod 400 ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh
$ sudo service ssh restart

Set up a basic firewall for SSH on Ubuntu

EasiestSoft@ubuntu:~$ cd /etc/ufw/applications.d/
$ cat openssh-server
[OpenSSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=22/tcp

$ sudo cp openssh-server myssh
$ sudo vi myssh
[mySSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=987/tcp

$ sudo ufw enable
$ sudo ufw app list
OpenSSH
mySSH
$ sudo ufw allow openSSH
$ sudo ufw allow mySSH
$ sudo ufw status verbose
To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
987/tcp (mySSH)            ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)
987/tcp (mySSH (v6))       ALLOW IN    Anywhere (v6)

Both the openSSH and mySSH rules are allowed for now; the openSSH rule will be deleted later.

SSH client configuration

# ~/.ssh/config on the local machine
Host EasiestSoft
    HostName 10.98.76.54
    User EasiestSoft
    # must match the Port set in sshd_config on the server
    Port 987
    IdentityFile path/to/rsa
    IdentitiesOnly yes

Test the new SSH server

Please note: don't close the current terminal. Open a new terminal window to test the new ssh_config, because we need to change the settings if we are unable to log in using the RSA key.

ssh -i path_to_id_rsa -p 987 EasiestSoft@10.98.76.54

Or:

ssh EasiestSoft

Delete openSSH rule

EasiestSoft@ubuntu:~$ sudo ufw delete allow openSSH

Disable password ssh login

EasiestSoft@ubuntu:~$ sudo vi /etc/ssh/sshd_config
PasswordAuthentication no
EasiestSoft@ubuntu:~$ sudo service ssh restart   # restart sshd so the change takes effect
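
Added example (not part of the original page): sshd uses the first value it reads for each keyword, so a PasswordAuthentication no line appended below the earlier PasswordAuthentication yes has no effect. This script reports the effective value from a constructed sample config. The function names are hypothetical, and it does not follow Include files or evaluate Match blocks, for which the output of sshd -T is the authoritative check.

```shell
#!/bin/sh
# Added example: find the value sshd will actually use for a keyword.
# sshd_config is first-match-wins: the first occurrence of a keyword applies.

# effective_value FILE KEYWORD -> prints the first global value (empty if unset)
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        tolower($1) == "match" { exit }      # Match blocks are conditional: stop here
        tolower($1) == want {                # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print; exit
        }' "$1"
}

# audit_config FILE -> prints one line per finding; exit status = number of findings
# The expected values are the end state this page configures.
audit_config() {
    findings=0
    for rule in "PasswordAuthentication no" "PermitRootLogin no"; do
        key=${rule% *}
        expected=${rule#* }
        actual=$(effective_value "$1" "$key")
        if [ "$actual" != "$expected" ]; then
            echo "FAIL $key: effective '${actual:-unset, sshd default applies}', expected '$expected'"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Constructed sample: the hardening line was appended instead of edited in place.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 987
PermitRootLogin no
PasswordAuthentication yes
AllowUsers EasiestSoft
# appended later; ignored because the line above comes first
PasswordAuthentication no
EOF
audit_config "$sample" || echo "$? finding(s) in sample config"
rm -f "$sample"
```

Run it against a copy of /etc/ssh/sshd_config before closing the working session.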

©2012-2019 EasiestSoft