How to set up an SSH server on Ubuntu Linux 18.04

🎂 Create an SSH key on the local Ubuntu machine

ssh-keygen -t rsa -b 2048 -C "tuenhai.com"
mkdir -p ~/path-to-save-id_rsa
cp ~/.ssh/id_rsa ~/path-to-save-id_rsa

😎 Create new SSH user on Server

$ ssh root@10.98.76.54  
# reset root password
$ passwd
$ apt update
$ apt upgrade

$ adduser tuenhai
$ usermod -aG sudo tuenhai
$ getent group sudo

🐞 Configure SSH server settings

$ sudo vi /etc/ssh/sshd_config

Port 987
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes

KeyRegenerationInterval 3600
ServerKeyBits 2048

SyslogFacility AUTH
LogLevel INFO

LoginGraceTime 120
PermitRootLogin no
StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes

IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no

PermitEmptyPasswords no
ChallengeResponseAuthentication no

PasswordAuthentication yes

X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
TCPKeepAlive no
ClientAliveInterval 300
ClientAliveCountMax 2

AcceptEnv LANG LC_*

Subsystem sftp /usr/lib/openssh/sftp-server

UsePAM yes

AllowUsers tuenhai

😸 Set SSH key for new SSH user

tuenhai@ubuntu$ mkdir ~/.ssh
$ touch ~/.ssh/authorized_keys
# paste the public key (~/.ssh/id_rsa.pub) generated on the local machine
$ vi ~/.ssh/authorized_keys

$ chmod 400 ~/.ssh/authorized_keys
$ chmod 700 ~/.ssh

$ sudo service ssh restart

😼 Set up a basic firewall for SSH on Ubuntu

tuenhai@ubuntu:~$ cd /etc/ufw/applications.d/
$ cat openssh-server
[OpenSSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=22/tcp

$ sudo cp openssh-server myssh
$ sudo vi myssh
[mySSH]
title=Secure shell server, an rshd replacement
description=OpenSSH is a free implementation of the Secure Shell protocol.
ports=987/tcp

$ sudo ufw enable
$ sudo ufw app list
OpenSSH
mySSH

$ sudo ufw allow openSSH
$ sudo ufw allow mySSH

$ sudo ufw status verbose
To                         Action      From
--                         ------      ----
22/tcp (OpenSSH)           ALLOW IN    Anywhere
987/tcp (mySSH)             ALLOW IN    Anywhere
22/tcp (OpenSSH (v6))      ALLOW IN    Anywhere (v6)
987/tcp (mySSH (v6))        ALLOW IN    Anywhere (v6)

Both the OpenSSH and mySSH rules are allowed for now; the OpenSSH rule will be deleted later.

🏈 SSH client config

Host tuenhai
    HostName 10.98.76.54
    User tuenhai
    Port 987
    IdentityFile path/to/rsa
    IdentitiesOnly yes

🍮 Test the new SSH server

Please note: DON'T close the current terminal. Open a new terminal window to test the new SSH configuration; the existing session is needed to change the settings if we are unable to log in using the RSA key.

ssh -i path_to_id_rsa -p 987 tuenhai@10.98.76.54

Or:

ssh tuenhai

🚜 Delete the OpenSSH rule

tuenhai@ubuntu:~$ sudo ufw delete allow openSSH

🎳 Disable password ssh login

tuenhai@ubuntu:~$ sudo vi /etc/ssh/sshd_config
PasswordAuthentication no
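
sshd uses the first value it reads for a keyword, so this last step only works if the earlier "PasswordAuthentication yes" line is changed in place rather than a new line being appended below it. The check below is an added example, not part of the original tutorial; it assumes a single config file without Include directives, and the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): report the value sshd would
# actually use for a keyword. sshd takes the FIRST occurrence of a keyword,
# so a "PasswordAuthentication no" appended below an earlier "yes" is ignored.

# effective_value FILE KEYWORD -> first global value of KEYWORD, or nothing
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments, blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)              # keyword ends at space or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))  # keywords are case-insensitive
            val = substr(line, n)
            sub(/^[ \t]*=?[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit               # global section ends here
            if (key == want) { print val; exit }   # first occurrence wins
        }' "$1"
}

# audit_sshd FILE -> returns 0 if password and root logins are both disabled
audit_sshd() {
    rc=0
    for key in PasswordAuthentication PermitRootLogin; do
        actual=$(effective_value "$1" "$key")
        if [ "$actual" != "no" ]; then
            echo "FAIL $key: effective value '${actual:-(default)}', want 'no'"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: the edit was appended instead of changing the "yes" line.
sample=$(mktemp)
printf '%s\n' 'Port 987' 'PermitRootLogin no' 'PasswordAuthentication yes' \
    '# added later' 'PasswordAuthentication no' > "$sample"
audit_sshd "$sample" || echo "password login is still enabled"
```

On the server, `sudo sshd -T` prints the effective settings directly, and the change only takes effect after `sudo service ssh restart`.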
