Ultimate SSH Setup Guide for Ubuntu: Secure Remote Access, Configuration, and Troubleshooting

1. Introduction

By using SSH on Ubuntu, you can securely access and operate servers or PCs remotely. This article provides a detailed explanation of SSH—from its basic concepts and how to install an SSH server on Ubuntu, to security best practices and troubleshooting—using clear explanations suitable even for beginners.

What Is SSH?

SSH (Secure Shell) is a protocol that allows secure remote connections to computers over a network. Unlike traditional protocols such as Telnet or FTP, SSH encrypts communication data, significantly reducing the risk of eavesdropping and tampering.

Main Use Cases of SSH on Ubuntu

The main scenarios in which SSH is used on Ubuntu include the following:

• Remote Server Management: Operate Ubuntu servers from remote locations
• File Transfer: Securely exchange files using SCP or SFTP
• Port Forwarding: Establish secure remote connections

What You Will Learn in This Article

• Basic concepts and mechanisms of SSH
• How to install an SSH server on Ubuntu
• How to configure SSH connections and troubleshoot errors
• Security best practices for SSH

2. Basic Concepts of SSH

To use SSH effectively, it is crucial to understand its core concepts. In this chapter, we explain how SSH works and the differences between authentication methods.

How SSH Works

SSH is a protocol that establishes a secure connection between a client and a server. By default, it uses TCP port 22 for encrypted communication.

Main Features

• Remote Login: Execute commands on a server
• File Transfer: Send data securely via SCP or SFTP
• Port Forwarding: Connect to other services through SSH

SSH Authentication Methods

SSH primarily offers two authentication methods:

Password Authentication

• Log in using a username and password
• Simple, but vulnerable to brute-force attacks

Public Key Authentication

• Authentication using a public and private key pair
• More secure and recommended by default

Advantages of SSH

• Encrypted Communication: Protects transmitted data
• Easy Remote Management: Access from anywhere
• Enhanced Security: Helps prevent unauthorized access

3. Installing an SSH Server on Ubuntu

To use SSH on Ubuntu, you must install the OpenSSH server package. This chapter explains how to install and configure it.

Installing the OpenSSH Server

You can install the OpenSSH server on Ubuntu using the following commands:

sudo apt update
sudo apt install openssh-server

After installation, verify that the SSH service is running:

sudo systemctl status ssh

Starting and Managing the SSH Service

To manually start or stop the SSH service, use the following commands:

# Start SSH
sudo systemctl start ssh

# Enable SSH to start automatically after reboot
sudo systemctl enable ssh

# Stop SSH
sudo systemctl stop ssh

Configuring UFW (Uncomplicated Firewall)

If UFW is enabled, SSH connections may be blocked. Allow SSH port (22) with the commands below:

sudo ufw allow ssh
sudo ufw enable

4. Configuring SSH Connections

To use SSH securely, proper configuration is essential. This chapter explains how to set up public key authentication.

Generating a Key Pair

Run the following command on the client machine to generate a public/private key pair:

ssh-keygen -t rsa -b 4096

By default, the private key is stored in ~/.ssh/id_rsa, and the public key is stored in ~/.ssh/id_rsa.pub.

Uploading the Public Key to the Server

Transfer the generated public key to the SSH server:

ssh-copy-id username@server-ip-address

Or transfer manually:

scp ~/.ssh/id_rsa.pub username@server-ip-address:~/

On the server, execute the following commands to place the public key in the correct directory:

mkdir -p ~/.ssh
cat ~/id_rsa.pub >> ~/.ssh/authorized_keys
chmod 600 ~/.ssh/authorized_keys
rm ~/id_rsa.pub

Editing sshd_config

Open the SSH configuration file to enhance security settings:

sudo nano /etc/ssh/sshd_config

Check and edit the following configuration items:

# Disable password authentication (use public key only)
PasswordAuthentication no

# Disable root login
PermitRootLogin no

# Change the SSH port (example: 2222)
Port 2222

After making changes, restart the SSH service:

sudo systemctl restart ssh

5. Executing SSH Connections

Once the SSH server is configured on Ubuntu, you can connect from a client machine. This chapter explains basic SSH usage and connection methods when the port is changed.

Basic SSH Connection Command

Use the following command to connect from an SSH client to the server:

ssh username@server-ip-address

For example, if the server IP is 192.168.1.10 and the username is ubuntu, type:

ssh ubuntu@192.168.1.10

On the first connection, the server’s fingerprint will be displayed. Enter yes to accept and proceed.

Connecting After Changing the Port Number

If you changed the SSH port—for example, to 2222—use the -p option:

ssh -p 2222 ubuntu@192.168.1.10

Connecting with a Private Key

If public key authentication is configured, specify the private key using the -i option:

ssh -i ~/.ssh/id_rsa ubuntu@192.168.1.10

Running Remote Commands via SSH

You can run commands directly on the remote server without logging in interactively:

ssh ubuntu@192.168.1.10 "ls -lah /home/ubuntu"

This approach enables efficient automation and remote operations using scripts.

Transferring Files with SCP

You can transfer files between the local PC and remote server using SSH.

Local → Remote

scp filename username@server-ip-address:/remote/directory

Example:

scp myfile.txt ubuntu@192.168.1.10:/home/ubuntu/

Remote → Local

scp username@server-ip-address:/remote/filename /local/directory

Example:

scp ubuntu@192.168.1.10:/home/ubuntu/myfile.txt ./

Managing Files with SFTP

You can also manage files using SFTP:

sftp ubuntu@192.168.1.10

Once connected, you can run the following commands:

ls        # List files
cd        # Change directory
put filename   # Upload a local file to the remote server
get filename   # Download a remote file to the local machine
exit      # Exit the connection

6. Troubleshooting SSH Connections

It is not uncommon to encounter issues when connecting via SSH. This chapter describes common problems and how to solve them.

Common Causes of SSH Connection Errors and Solutions

When an SSH connection fails, the cause is typically one of the following:

1. The SSH Server Is Not Running

First, confirm that the SSH server is running properly:

sudo systemctl status ssh

Solution:

• If the SSH server is stopped, start it using the following command:

  sudo systemctl start ssh

• To enable SSH to automatically start after reboot, run:

  sudo systemctl enable ssh

2. The Firewall (UFW) Is Blocking SSH

If UFW (Uncomplicated Firewall) is enabled, SSH access may be blocked:

Solution:

• Check the current UFW configuration:

  sudo ufw status

• Allow SSH access:

  sudo ufw allow ssh

(If using a custom port, run sudo ufw allow <port-number>)

• Restart UFW:

  sudo ufw reload

3. The Port Number Has Been Changed

If the SSH server is not using the default port 22, you must specify the correct port when connecting:

Solution:

• Check the port number on the server:

  sudo grep Port /etc/ssh/sshd_config

• Specify the correct port on the client:

  ssh -p 2222 username@server-ip-address

4. Incorrect SSH Key Permissions

If you are using public key authentication, incorrect key permissions may prevent connection.

Solution:

• Set permissions for the private key:

  chmod 600 ~/.ssh/id_rsa

• Set permissions for the public key:

  chmod 644 ~/.ssh/authorized_keys

5. Host Key Mismatch

If the SSH host key on the server has changed, the client may show an error such as: “WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!”

Solution:

• Remove the old host key:

  ssh-keygen -R <server-ip-address>

• Attempt to connect again:

  ssh username@server-ip-address

6. Checking SSH Logs

To identify detailed SSH error messages, check the server log files:

sudo journalctl -u ssh --no-pager | tail -n 20

To monitor logs in real time, run:

sudo tail -f /var/log/auth.log

7. SSH Connection Timeout Issues

If SSH connections are slow or disconnect unexpectedly, review the following points:

Solution:

• Enable KeepAlive
  Add the following to the client’s ~/.ssh/config:

  Host *
      ServerAliveInterval 60

• Adjust timeout settings on the server
  Add the following to /etc/ssh/sshd_config and restart the service:

  ClientAliveInterval 60
  ClientAliveCountMax 3

  sudo systemctl restart ssh

Summary

SSH connection problems typically stem from the following points. In most cases, checking these items resolves the issue:

✅ Verify that the SSH service is running
✅ Check whether the firewall is blocking the connection
✅ Confirm the correct SSH port is being used
✅ Ensure SSH key permissions are properly set
✅ Review SSH logs to identify detailed errors

7. Enhancing SSH Security

SSH is a powerful remote access tool, but without proper security measures, it can become a target for unauthorized access or brute-force attacks. This chapter explains recommended settings for strengthening SSH security.

1. Disable Password Authentication and Use Public Key Authentication

By default, SSH allows password login, which increases the risk of brute-force attacks. Enable public key authentication and disable password authentication to improve security.

Steps

1. Edit sshd_config

   sudo nano /etc/ssh/sshd_config

2. Edit or add the following settings

   PasswordAuthentication no
   PubkeyAuthentication yes

3. Restart the SSH service

   sudo systemctl restart ssh

After applying this configuration, SSH will only accept public key authentication. Make sure your SSH keys are correctly configured beforehand.

2. Change the SSH Port Number

Using the default SSH port (22) makes servers easier targets for attackers. Changing the port number helps reduce unauthorized access attempts.

Steps

1. Open sshd_config

   sudo nano /etc/ssh/sshd_config

2. Modify the following line (example: change port to 2222)

   Port 2222

3. Allow the new port through the firewall

   sudo ufw allow 2222/tcp

4. Restart the SSH service

   sudo systemctl restart ssh

5. Test the connection using the new port

   ssh -p 2222 username@server-ip-address

3. Disable Root Login

By default, SSH allows root login, which poses a serious security risk. It is recommended to allow SSH access only through regular user accounts and use sudo when administrative privileges are required.

Steps

1. Open sshd_config

   sudo nano /etc/ssh/sshd_config

2. Edit the following line

   PermitRootLogin no

3. Restart the SSH service

   sudo systemctl restart ssh

4. Prevent Brute-Force Attacks with Fail2Ban

Fail2Ban detects unauthorized login attempts and automatically blocks IP addresses that exceed a certain number of failures.

Installation and Configuration

1. Install Fail2Ban

   sudo apt install fail2ban -y

2. Copy the default configuration file

   sudo cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local

3. Edit jail.local

   sudo nano /etc/fail2ban/jail.local

4. Modify the [sshd] section

   [sshd]
   enabled = true
   maxretry = 5
   bantime = 600
   findtime = 600

• maxretry: Number of allowed failed login attempts
• bantime: Duration of IP block (seconds)
• findtime: Time window for counting failed attempts (seconds)

1. Restart Fail2Ban

   sudo systemctl restart fail2ban

6. Check the current Fail2Ban status

   sudo fail2ban-client status sshd

Summary

To enhance SSH security, apply the following measures:

✅ Disable password authentication and use public key authentication
✅ Change the SSH port to reduce attack exposure
✅ Disable root login to minimize risks
✅ Use Fail2Ban to prevent brute-force attacks

8. Frequently Asked Questions (FAQ)

This section addresses common questions and issues that arise when configuring and using SSH.

Q1: Why does SSH show “Connection refused”?

There are several possible causes for an SSH connection being refused.

Main causes and solutions:

1. The SSH service is not running

   sudo systemctl status ssh

Solution: Start the service if it is stopped.

   sudo systemctl start ssh

2. The firewall (UFW) is blocking SSH

   sudo ufw allow ssh
   sudo ufw enable

3. The SSH port number has been changed
   If SSH uses a custom port, specify it when connecting.

   ssh -p 2222 username@server-ip-address

Q2: How do I change the default SSH port?

Port 22 is a common attack target, so changing it improves security.

Steps:

1. Edit the SSH configuration file

   sudo nano /etc/ssh/sshd_config

2. Modify the Port directive

   Port 2222

3. Allow the new port through the firewall

   sudo ufw allow 2222/tcp

4. Restart the SSH service

   sudo systemctl restart ssh

After making these changes, connect using the new port:

ssh -p 2222 username@server-ip-address

Q3: What should I check if public key authentication is not working?

Verify the following if SSH key authentication fails:

1. Ensure the public key is properly installed

   ls -l ~/.ssh/authorized_keys

Make sure authorized_keys exists and contains the correct key.

2. Check file permissions

   chmod 600 ~/.ssh/authorized_keys
   chmod 700 ~/.ssh

3. Verify that SSH allows public key authentication

   sudo nano /etc/ssh/sshd_config

Ensure the following entries are present:

   PubkeyAuthentication yes
   PasswordAuthentication no

4. Restart the SSH service

   sudo systemctl restart ssh

Q4: How do I allow SSH access only from specific IP addresses?

Restricting SSH access to specific IP addresses significantly increases security.

Method 1: Edit sshd_config

1. Open the configuration file

   sudo nano /etc/ssh/sshd_config

2. Add an AllowUsers entry

   AllowUsers username@192.168.1.100

3. Restart the SSH service

   sudo systemctl restart ssh

Method 2: Configure the firewall (UFW)

1. Allow access from a specific IP

   sudo ufw allow from 192.168.1.100 to any port 22

2. Deny access from others

   sudo ufw deny 22

Q5: How can I change the SSH session timeout?

If your SSH session disconnects after being idle, modify the following settings.

Client-side settings

1. Add the following to ~/.ssh/config:

   Host *
       ServerAliveInterval 60

Server-side settings

1. Edit sshd_config

   sudo nano /etc/ssh/sshd_config

2. Add or modify:

   ClientAliveInterval 60
   ClientAliveCountMax 3

3. Restart the SSH service

   sudo systemctl restart ssh

Summary

This FAQ covered the most common SSH issues and solutions. When a problem occurs, always review logs and configuration settings to pinpoint the cause.

✅ How to resolve “Connection refused” issues
✅ How to change the default SSH port and connect correctly
✅ How to troubleshoot public key authentication failures
✅ How to restrict SSH access to specific IP addresses
✅ How to prevent SSH session timeouts

9. Conclusion

This article explained how to configure and use SSH on Ubuntu, from basic concepts to advanced security practices. Let’s recap the key points.

Key Takeaways

1. SSH Basics

• SSH enables secure remote access over encrypted communication.
• More secure than Telnet or FTP.
• Authentication methods include password authentication and public key authentication.

2. Installing the SSH Server

• Install OpenSSH via sudo apt install openssh-server.
• Verify service status with systemctl status ssh.
• Allow SSH access via UFW using sudo ufw allow ssh.

3. Configuring SSH Access

• Connect with ssh username@server-ip-address.
• Use public key authentication for improved security.
• Disable password authentication in sshd_config if desired.

4. Troubleshooting

• Check if SSH is running (systemctl status ssh).
• Specify the correct port if changed (ssh -p 2222 username@IP).
• Verify key permissions in ~/.ssh/authorized_keys.

5. Security Enhancements

• Disable password authentication and rely on public keys.
• Change the SSH port to reduce scanning attacks.
• Use Fail2Ban to block repeated login failures.
• Restrict SSH access to specific IP addresses where possible.

Additional Learning Resources

To deepen your understanding of SSH, explore the following resources:

📚 Official Documentation

• Ubuntu SSH Guide
• OpenSSH Official Manual

🛠 Related Tools

• PuTTY for SSH access on Windows
• Download PuTTY
• MobaXterm for advanced SSH features
• MobaXterm Official Site

🎥 Recommended Videos

• Search YouTube for “Ubuntu SSH setup” to find beginner-friendly tutorials.

YouTube

作成した動画を友だち、家族、世界中の人たちと共有…

Next Steps

Once you understand how SSH works, explore more advanced uses:

✅ Automate server management using Ansible over SSH

• Ideal for managing multiple servers efficiently.

✅ SSH tunneling and port forwarding

• Use SSH to secure remote desktop connections or create VPN-like tunnels.

✅ Monitor SSH logs and improve security

• Use tools like fail2ban and logwatch to watch for suspicious activity.

Final Thoughts

Thank you for reading this guide to the end! 🎉
Properly configuring SSH on Ubuntu greatly enhances remote management efficiency and security.

As you continue learning, explore advanced techniques like secure tunneling and proactive monitoring to build even more robust systems.

Enjoy a secure and productive SSH experience! 🖥️🔐