How to Set Up an SSH Server on Ubuntu Linux

Create an SSH key on the local Ubuntu machine

ssh-keygen -t rsa -b 2048 -C "EasiestSoft.com"
# keep a copy of the private key in a directory of your own
mkdir -p ~/path-to-save-id_rsa
cp ~/.ssh/id_rsa ~/path-to-save-id_rsa/

Create a new SSH user on the server

$ ssh root@10.98.76.54  
# reset root password
$ passwd
$ apt update
$ apt upgrade

$ adduser EasiestSoft
$ usermod -aG sudo EasiestSoft
# confirm EasiestSoft is listed in the sudo group
$ getent group sudo

Configure SSH server settings

$ sudo vi /etc/ssh/sshd_config

Port 987
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes

KeyRegenerationInterval 3600
ServerKeyBits 2048

SyslogFacility AUTH
LogLevel INFO

LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no

PermitEmptyPasswords no
ChallengeResponseAuthentication no

PasswordAuthentication yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive no
ClientAliveInterval 300
ClientAliveCountMax 2

AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

AllowUsers EasiestSoft

Set the SSH key for the new SSH user

EasiestSoft@ubuntu$ mkdir ~/.ssh
$ touch ~/.ssh/authorized_keys
$ vi ~/.ssh/authorized_keys
# paste the public key (the contents of ~/.ssh/id_rsa.pub on the local machine) into this file

$ chmod 400 ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh

$ sudo service ssh restart

Set up a basic firewall for SSH on Ubuntu

EasiestSoft@ubuntu:~$ cd /etc/ufw/applications.d/
$ cat openssh-server
[OpenSSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=22/tcp

$ sudo cp openssh-server myssh
$ sudo vi myssh
[mySSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=987/tcp

$ sudo ufw enable
$ sudo ufw app list
OpenSSH
mySSH

$ sudo ufw allow OpenSSH
$ sudo ufw allow mySSH

$ sudo ufw status verbose
To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
987/tcp (mySSH)            ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)
987/tcp (mySSH (v6))       ALLOW IN    Anywhere (v6)

Both the OpenSSH and mySSH rules are allowed for now; the OpenSSH rule will be deleted later.

SSH client configuration

# ~/.ssh/config on the local machine
Host EasiestSoft
    HostName 10.98.76.54
    User EasiestSoft
    # must match the Port set in the server's sshd_config
    Port 987
    IdentityFile path/to/rsa
    IdentitiesOnly yes

Test the new SSH server

Please note: DON'T close the current terminal. Open a new terminal window to test the new SSH configuration, because we will need to change the settings if we are unable to log in using the RSA key.

ssh -i path_to_id_rsa -p 987 EasiestSoft@10.98.76.54

Or:

ssh EasiestSoft

Delete the OpenSSH rule

EasiestSoft@ubuntu:~$ sudo ufw delete allow OpenSSH

Disable password SSH login

EasiestSoft@ubuntu:~$ sudo vi /etc/ssh/sshd_config
PasswordAuthentication no
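
An added example, not part of the original page: a shell check over an sshd_config-style file that reports which of this page's hardening lines are actually in effect. sshd uses the first value it reads for each keyword, so a PasswordAuthentication no appended below an earlier PasswordAuthentication yes changes nothing; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config-style file against this page's settings.

# effective FILE KEYWORD: print the value sshd would use. Keywords are
# case-insensitive and the FIRST occurrence wins; Match blocks are skipped.
effective() {
    awk -v want="$2" '
        /^[ \t]*(#|$)/ { next }              # comments and blank lines
        tolower($1) == "match" { exit }      # conditional section starts
        tolower($1) == tolower(want) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# audit FILE: print one finding per line; no output means nothing to review.
audit() {
    for kv in "PermitRootLogin no" "PasswordAuthentication no" \
              "PermitEmptyPasswords no"; do
        got=$(effective "$1" "${kv% *}")
        [ "$got" = "${kv#* }" ] || echo "REVIEW ${kv% *}=${got:-unset}"
    done
    [ -n "$(effective "$1" AllowUsers)" ] || echo "REVIEW AllowUsers=unset"
    # Keywords that newer OpenSSH releases ignore or log as deprecated.
    for key in Protocol KeyRegenerationInterval ServerKeyBits \
               RSAAuthentication RhostsRSAAuthentication UsePrivilegeSeparation; do
        [ -z "$(effective "$1" "$key")" ] || echo "LEGACY $key"
    done
}

# Constructed sample: the final edit was appended instead of changing the
# existing line, so the earlier "yes" is still the effective value.
sample() {
    cat <<'EOF'
Port 987
Protocol 2
PermitRootLogin no
PermitEmptyPasswords no
PasswordAuthentication yes
AllowUsers EasiestSoft
# appended later:
passwordauthentication no
EOF
}

demo() { tmp=$(mktemp) && sample > "$tmp" && audit "$tmp"; rm -f "$tmp"; }
demo
```

On the server, `sudo sshd -t` checks the file before the `sudo service ssh restart` that makes the change take effect, and `sudo sshd -T` prints the effective settings.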

©2012-2019 EasiestSoft