UbuntuUbuntu Based

How To Install OpenSSH on Ubuntu 24.04 LTS

r00t
8 minutes read

Install OpenSSH on Ubuntu 24.04

Remote server management has become essential in today’s digital infrastructure. OpenSSH stands as the industry-standard solution for secure remote access, enabling system administrators and developers to manage Ubuntu servers from anywhere in the world. This comprehensive guide walks you through installing and configuring OpenSSH on Ubuntu 24.04 LTS (Noble Numbat), ensuring your system is both accessible and secure.

Whether you’re setting up a home server, configuring a cloud instance, or managing enterprise infrastructure, understanding SSH installation is fundamental. The process involves more than simple package installation—proper configuration and security hardening protect your system from unauthorized access while maintaining convenient remote connectivity.

Understanding OpenSSH

What is OpenSSH?

OpenSSH (Open Secure Shell) is a suite of secure networking utilities based on the SSH protocol. It provides encrypted communication sessions over computer networks, replacing insecure legacy protocols like Telnet and FTP. The software implements both client and server components, creating a robust framework for remote system administration.

The protocol operates through strong cryptographic techniques, authenticating users and encrypting all transmitted data. This prevents eavesdropping, connection hijacking, and network-level attacks. Modern SSH implementations support various authentication methods including password-based, public-key cryptography, and even two-factor authentication.

Why OpenSSH on Ubuntu 24.04 LTS?

Ubuntu 24.04 LTS ships with updated OpenSSH packages that include the latest security patches and performance improvements. Long-term support means five years of security updates, making it ideal for production environments. The operating system’s integration with OpenSSH ensures smooth operation and minimal configuration headaches.

SSH serves multiple purposes beyond basic terminal access. System administrators use it for secure file transfers through SFTP and SCP protocols, creating encrypted tunnels for database connections, and forwarding X11 applications remotely. Understanding these capabilities transforms SSH from a simple remote access tool into a comprehensive secure communication platform.

Prerequisites and Requirements

Before beginning the installation process, ensure your system meets these requirements:

  • Ubuntu 24.04 LTS (Noble Numbat) installed and running
  • User account with sudo privileges for administrative tasks
  • Active internet connection for downloading packages
  • Terminal or command-line interface access
  • Basic familiarity with Linux commands and text editors

Optional but recommended: a static IP address if you’re configuring a server for consistent remote access. Dynamic IPs can change after reboots, breaking your SSH connection configurations.

Step 1: Update System Packages

System updates form the foundation of secure installations. Outdated packages may contain vulnerabilities or incompatible dependencies that cause installation failures.

Open your terminal and execute these commands:

sudo apt update

This command refreshes the package repository index, downloading information about the newest versions of packages and their dependencies. You’ll see lists of repositories being queried.

Next, upgrade existing packages:

sudo apt upgrade -y

The upgrade process installs newer package versions. The -y flag automatically confirms the installation without prompting. For convenience, combine both commands:

sudo apt update && sudo apt upgrade -y

The double ampersand executes the second command only if the first succeeds. Wait for completion—this may take several minutes depending on your system’s last update.

Step 2: Install OpenSSH Server

With a refreshed system, install the OpenSSH server package:

sudo apt install openssh-server -y

This command downloads and installs the SSH daemon (sshd) along with necessary dependencies. Ubuntu distinguishes between openssh-client and openssh-server—the client comes pre-installed, while the server component requires manual installation.

During installation, the package manager creates essential directories and configuration files. The primary configuration file resides at /etc/ssh/sshd_config, controlling how your SSH server operates. Default settings work for basic scenarios but require hardening for production environments.

Installation typically completes in 30-60 seconds. The process creates a system service that can start automatically at boot. You’ll see package unpacking messages and configuration notices during installation.

Verify successful installation:

dpkg -l | grep openssh-server

This displays the installed OpenSSH server package with its version number, confirming the installation succeeded.

Step 3: Enable and Start SSH Service

Ubuntu uses systemd for service management. Enable the SSH service to start automatically at system boot:

sudo systemctl enable ssh

This creates symbolic links in the systemd configuration, ensuring SSH launches during the boot sequence. Now start the service immediately:

sudo systemctl start ssh

Alternatively, combine both operations:

sudo systemctl enable --now ssh

The --now flag starts the service while simultaneously enabling it for boot. This saves time and reduces commands.

Check the service status:

sudo systemctl status ssh

Look for these indicators in the output:

  • Loaded: Shows the service configuration is loaded
  • Active: Should display “active (running)” in green
  • Enabled: Confirms automatic startup is configured
  • Main PID: Shows the process ID of the running SSH daemon

The status output also displays recent log entries, helping identify any startup issues. Press q to exit the status view.

If the service shows as inactive or failed, troubleshoot by checking system logs:

sudo journalctl -u ssh -n 50

This displays the last 50 log entries for the SSH service, revealing configuration errors or port conflicts.

Step 4: Configure UFW Firewall

Ubuntu’s Uncomplicated Firewall (UFW) protects your system by controlling incoming and outgoing connections. Without proper firewall configuration, SSH connections will fail even with a running service.

Check current firewall status:

sudo ufw status

If inactive, enable the firewall:

sudo ufw enable

Important warning: Enabling UFW may disrupt existing network connections. When working on remote systems, always allow SSH before enabling the firewall to avoid losing access.

Allow SSH through the firewall:

sudo ufw allow ssh

This command opens port 22 for SSH traffic. Alternatively, specify the port explicitly:

sudo ufw allow 22/tcp

Both commands achieve identical results. The first uses UFW’s application profile for SSH, while the second directly specifies the port and protocol.

Verify the firewall rule:

sudo ufw status verbose

You should see an entry showing port 22 allowed from anywhere. The verbose flag displays additional details including default policies and logging status.

For enhanced security on custom SSH ports (covered later), update your firewall rules accordingly:

sudo ufw allow 2222/tcp
sudo ufw delete allow 22/tcp

Always add the new rule before removing the old one to maintain access.

Step 5: Configure OpenSSH Server Security

Default SSH configurations prioritize ease of use over security. Hardening your SSH server prevents unauthorized access and reduces attack surface.

Backup Configuration File

Always create backups before modifying system configurations:

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

This preserves the original configuration for restoration if changes cause issues.

Edit SSH Configuration

Open the configuration file with your preferred text editor:

sudo nano /etc/ssh/sshd_config

Nano offers user-friendly editing for beginners. Advanced users might prefer vim or vi. The file contains numerous directives controlling SSH behavior.

Change Default SSH Port

Port 22 attracts automated attacks. Changing to a non-standard port significantly reduces brute-force attempts.

Find this line:

#Port 22

Uncomment and change it:

Port 2222

Choose ports in the range 49152-65535 to avoid conflicts with standard services. Remember your chosen port—you’ll need it for connections.

After changing ports, update your firewall:

sudo ufw allow 2222/tcp
sudo ufw delete allow 22/tcp

Disable Root Login

Root login via SSH poses significant security risks. Attackers specifically target root accounts.

Find this line:

#PermitRootLogin prohibit-password

Change it to:

PermitRootLogin no

This forces users to log in with regular accounts and use sudo for administrative tasks. This creates audit trails showing who performed privileged operations.

Configure Authentication Methods

Control how users authenticate to your server:

PubkeyAuthentication yes
PasswordAuthentication yes
PermitEmptyPasswords no

Initially keep password authentication enabled while setting up key-based authentication. Once keys work properly, disable password authentication for maximum security:

PasswordAuthentication no

Additional Security Settings

Add these directives to further harden SSH:

MaxAuthTries 3
LoginGraceTime 60

MaxAuthTries limits failed login attempts before disconnection. LoginGraceTime sets how long the server waits for successful authentication, measured in seconds.

Restrict SSH access to specific users:

AllowUsers username1 username2

Replace username1 and username2 with actual usernames permitted to connect. This whitelist approach denies access to all unlisted users.

Apply Configuration Changes

Save the file (in nano: Ctrl+X, then Y, then Enter). Test the configuration syntax:

sudo sshd -t

This validates your configuration without restarting the service. If errors appear, review your changes carefully. Syntax errors prevent SSH from starting.

With valid configuration, restart the SSH service:

sudo systemctl restart ssh

Critical: Before closing your current SSH session, test the new configuration in a separate terminal window. This prevents lockouts from configuration mistakes.

Step 6: Find Your Server IP Address

Remote connections require knowing your server’s IP address. Retrieve it using:

ip addr show

Or the shorter version:

ip a

Look for your active network interface (commonly eth0, ens33, or enp0s3). The IPv4 address appears after “inet”—typically formatted like 192.168.1.100.

Alternatively:

hostname -I

This displays all configured IP addresses. The first address is usually your primary network interface.

For servers with public IP addresses, distinguish between private and public IPs. Private addresses (192.168.x.x, 10.x.x.x) work only within local networks. Public IPs enable internet-wide connectivity.

Step 7: Test SSH Connection

Testing confirms your installation works correctly.

Connect from Remote Machine

From another computer on your network, open a terminal and connect:

ssh username@server_ip

Replace username with your actual Ubuntu username and server_ip with the IP address found earlier. For example:

ssh john@192.168.1.100

If you changed the SSH port, specify it:

ssh -p 2222 john@192.168.1.100

The -p flag designates the port number.

First Connection Warning

Your first connection displays a message about host authenticity:

The authenticity of host '192.168.1.100' can't be established.
ECDSA key fingerprint is SHA256:...
Are you sure you want to continue connecting (yes/no)?

Type yes and press Enter. This adds the server to your known hosts file, preventing future warnings. The fingerprint verification prevents man-in-the-middle attacks.

Enter your password when prompted. Successful authentication displays your server’s welcome message and command prompt.

Testing from Local Machine

Test locally to verify the service runs correctly:

ssh username@localhost

This connects to your own system, confirming SSH accepts connections.

Advanced OpenSSH Configuration

SSH Key-Based Authentication

Key-based authentication eliminates password vulnerabilities. Generate an SSH key pair on your client machine:

ssh-keygen -t ed25519 -C "your_email@example.com"

Press Enter to accept the default file location. Set a strong passphrase for additional security.

Copy your public key to the server:

ssh-copy-id -p 2222 username@server_ip

Adjust the port number if you changed it. This command appends your public key to the server’s ~/.ssh/authorized_keys file.

Test key authentication:

ssh -p 2222 username@server_ip

You should connect without entering your account password (though you may need the key passphrase). Once confirmed working, disable password authentication in /etc/ssh/sshd_config:

PasswordAuthentication no

Restart SSH to apply changes.

Session Keep-Alive Settings

Prevent disconnections due to inactivity:

ClientAliveInterval 120
ClientAliveCountMax 3

The server sends keep-alive messages every 120 seconds. After three unanswered messages, it disconnects the client.

Custom Login Banners

Display messages before authentication:

Banner /etc/ssh/banner

Create the banner file with your message. Many organizations use this for legal warnings about authorized access.

Common Troubleshooting Issues

Connection Refused

This error indicates SSH isn’t running. Check the service status:

sudo systemctl status ssh

If inactive, start it:

sudo systemctl start ssh

Connection Timeout

Timeouts suggest firewall blocking or incorrect IP addresses. Verify:

  1. Firewall rules allow your SSH port
  2. IP address is correct and reachable
  3. Network connectivity exists between client and server

Test basic connectivity:

ping server_ip

Permission Denied

Authentication failures have several causes:

  • Incorrect username or password
  • Key authentication misconfigured
  • User not in AllowUsers list
  • Account locked or expired

Review authentication logs:

sudo tail -f /var/log/auth.log

This displays real-time authentication attempts, revealing specific failure reasons.

Configuration Syntax Errors

After editing /etc/ssh/sshd_config, SSH may fail to start. Check for typos:

sudo sshd -t

This validates syntax without affecting the running service. Fix reported errors before restarting.

Restore from backup if necessary:

sudo cp /etc/ssh/sshd_config.backup /etc/ssh/sshd_config
sudo systemctl restart ssh

Congratulations! You have successfully installed OpenSSH. Thanks for using this tutorial for installing OpenSSH on your Ubuntu 24.04 LTS. For additional help or useful information, we recommend you check the official OpenSSH website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!
Tags
r00t
8 minutes read
Photo of r00t

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Copyright © 2026 idroot.us | All Rights Reserved | Follow us for more Linux tutorials!
Back to top button