(Tuesday) December 13, 2022

Install OpenSSH Server on Ubuntu Server 22.04.1

This post shows how to set up the OpenSSH server on Ubuntu Server 22.04.1. With the OpenSSH server in place, users can upload files to the server and access it remotely over SSH.

Setup SSH Server on Ubuntu Server 22.04.1

This post was written against an Ubuntu Server 22.04.1 environment.

Every value wrapped in angle brackets <> should be replaced with a proper value.

Once the Ubuntu server instance spins up, execute the following commands to ensure all the packages are refreshed and up to date.

sudo apt-get update -y
sudo apt-get upgrade -y

apt-get upgrade installs the newest versions of the packages currently installed on the system, from the sources listed in /etc/apt/sources.list.

apt-get update downloads the package lists from the repositories and re-synchronizes the package index files from the sources in /etc/apt/sources.list. It should always be run before an upgrade or dist-upgrade.

Install OpenSSH Server

Install the OpenSSH server package and ensure the SSH service is running.

sudo apt-get install openssh-server -y
systemctl status ssh

If the service is not running, run the following command and check the service status again.

sudo systemctl enable ssh
sudo systemctl start ssh

Create New User and Group

The following commands create a new user and group.

This new user is created for remote SSH access.

After executing the commands, check that the user has been added to the new group.

sudo addgroup <sftp-group>
sudo adduser <sftp-user>
sudo passwd <sftp-user>
sudo adduser <sftp-user> <sftp-group>
sudo groups <sftp-user>

Grant Permission to the User Directory

Change the ownership of the directory to the root user.

sudo chown root: /home/<sftp-user>

Change the permission of the directory to 755.

sudo chmod -R 755 /home/<sftp-user>

Create new directory and SSH directory

Once the permissions are set, create a new directory under /home/<sftp-user> for uploads and downloads, with 755 permissions.

cd /home/<sftp-user>
sudo mkdir <sftp-directory>
sudo chmod 755 <sftp-directory>
sudo chown root: <sftp-directory>

Then create the .ssh directory and a file named authorized_keys under the .ssh directory.

sudo mkdir .ssh
sudo touch .ssh/authorized_keys
sudo chown -R <sftp-user>:<sftp-group> .ssh

Configure the SSH Config

Change to the directory where the SSH config file is located and back up the config file before modifying it.

cd /etc/ssh
sudo cp sshd_config sshd_config.bak

Open the file with the following command.

sudo vi sshd_config

Either vi or nano works.

Troubleshoot

If bash complains that vi or nano is not found, run one of the following commands to install vim or nano.

sudo apt-get install vim -y
sudo apt-get install nano -y

Go to the bottom of the file and add the following configuration.

Match Group <sftp-group>
ChrootDirectory /home/<sftp-user>/
X11Forwarding no
AllowTcpForwarding no

Restart the service after saving the changes.

sudo systemctl restart ssh
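sshd checks the ChrootDirectory path at login: every component must be a directory owned by root and not writable by group or others, otherwise the session is closed. The script below is an added example, not part of the original post, that checks a path against that rule; the function names are made up here, and it assumes GNU stat as shipped with Ubuntu.

```shell
#!/bin/sh
# Added example: check a directory against the rule sshd applies to
# ChrootDirectory: each path component must be a directory owned by root
# and not writable by group or others. Needs GNU stat (Ubuntu's coreutils).

# component_ok DIR [UID]: check one directory. UID defaults to 0 (root) and is
# a parameter only so the check can be exercised without being root.
component_ok() {
    co_want=${2:-0}
    [ -d "$1" ] || { echo "$1: not a directory"; return 1; }
    co_uid=$(stat -c %u -- "$1")
    co_mode=$(stat -c %a -- "$1")
    if [ "$co_uid" != "$co_want" ]; then
        echo "$1: owned by uid $co_uid, expected $co_want"; return 1
    fi
    # 022 (octal) selects the group-write and other-write bits.
    if [ $(( 0$co_mode & 022 )) -ne 0 ]; then
        echo "$1: mode $co_mode is writable by group or others"; return 1
    fi
}

# audit_chroot_path DIR [UID]: apply component_ok to DIR and every parent up
# to /, reporting all failures. Returns 0 only if the whole path passes.
audit_chroot_path() {
    acp_path=$(cd -- "$1" 2>/dev/null && pwd -P) || { echo "$1: cannot enter"; return 1; }
    acp_rc=0
    while :; do
        component_ok "$acp_path" "${2:-0}" || acp_rc=1
        [ "$acp_path" = / ] && break
        acp_path=$(dirname -- "$acp_path")
    done
    return "$acp_rc"
}

# Usage: sh audit.sh /home/<sftp-user>
if [ "$#" -gt 0 ]; then audit_chroot_path "$@"; fi
```

Run it against /home/<sftp-user> after the chown and chmod steps; no output and exit status 0 mean the path satisfies the ownership and mode rule.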

Open SSH Port

Run the following commands to accept the incoming and outgoing traffic on port 22.

Enable the Uncomplicated Firewall (UFW) once port 22 has been whitelisted.

sudo ufw allow ssh
sudo ufw enable
sudo ufw status

Troubleshoot

Run sudo apt-get install ufw -y if the ufw command is not found.

Test to Access the Server from the Client Machine

Caveat: Do not run this on the server itself. The following commands were run on a Windows machine, the client machine.

Open PowerShell and run the following command to access the server via SSH.

ssh <sftp-user>@<server-ip-address>

Type exit to end the session if there is no issue accessing the server via SSH.

Troubleshoot

  1. The IP address can be found by running the ip address command.
  2. If the connection closes immediately after connecting to the server with the error /bin/sh: No such file or directory or /bin/bash: No such file or directory, the user's login shell is being looked up inside the chroot directory, where it does not exist. There are a few solutions:
    • Comment out ChrootDirectory in /etc/ssh/sshd_config.
    • Go to /etc/passwd and change the shell used by <sftp-user>.

Generate the SSH key

The next step is generating a new key pair with the ssh-keygen command.

ssh-keygen -t ed25519 -C "<email-address>"

Enter a new directory path to store your key pair, or hit Enter for the default path. The same goes for the passphrase prompt.

Generating public/private ed25519 key pair.
Enter file in which to save the key (C:\Users\<username>/.ssh/id_ed25519):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:

The public and private keys can be found in the directory that was set earlier.

Upload Public Key to SSH Server

Then upload the public key to the server.

cat <path-to-key>\id_ed25519.pub | ssh <sftp-user>@<server-ip-address> 'cat >> ~/.ssh/authorized_keys'

The command above appends the public key to the authorized_keys file.

Test to Access the Server using the Private Key

Once the key has been uploaded to the server, run the following command to ensure accessibility using the private key.

ssh -i <path-to-key>\id_ed25519 <sftp-user>@<server-ip-address>

Disable Password Authentication

Lastly, log in to the server, open /etc/ssh/sshd_config, and add the following configuration to disable password-based SSH access to the server.

Match Group <sftp-group>
ChrootDirectory /home/<sftp-user>/
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication no
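Settings inside a Match block apply only to connections that match it, so PasswordAuthentication no here covers members of the group while every other account keeps the global value. The script below is an added example, not part of the original post, that reads both values from a config file; the group name sftpusers, the sample config and the function names are constructed for the demonstration.

```shell
# Added example: read PasswordAuthentication from the global section and from
# one "Match Group" block of an sshd_config file.
# Limits: handles only plain "Match Group <name>" lines, ignores Include files.

# setting FILE KEYWORD [GROUP]: print KEYWORD's first value in the global
# section, or inside "Match Group GROUP" when GROUP is given. Keywords are
# compared case-insensitively, as sshd does. Exit status 1 if not set there.
setting() {
    awk -v want="$2" -v group="$3" '
        BEGIN { want = tolower(want); scope = "global" }
        NF == 0 || $1 ~ /^#/ { next }          # skip blank lines and comments
        tolower($1) == "match" {               # a Match line opens a new block
            scope = (tolower($2) == "group" && $3 == group) ? "group" : "other"
            next
        }
        scope == (group == "" ? "global" : "group") && tolower($1) == want {
            print $2; found = 1; exit
        }
        END { exit !found }
    ' "$1"
}

# password_auth_report FILE GROUP: one line saying who may still use passwords.
password_auth_report() {
    par_global=$(setting "$1" PasswordAuthentication) || par_global=yes  # sshd default
    par_group=$(setting "$1" PasswordAuthentication "$2") || par_group=$par_global
    echo "members-of-$2=$par_group everyone-else=$par_global"
}

# Constructed sample: the Match block from this page with a made-up group name.
sample_config() {
    cat <<'EOF'
# global section
PermitRootLogin no
Match group sftpusers
    ChrootDirectory /home/sftpuser/
    PasswordAuthentication no
EOF
}

demo() {
    demo_cfg=$(mktemp) && sample_config > "$demo_cfg"
    password_auth_report "$demo_cfg" sftpusers
    rm -f "$demo_cfg"
}
if [ "$#" -gt 0 ]; then password_auth_report "$1" "$2"; else demo; fi
```

On the server itself, sudo sshd -t checks the edited file for syntax errors before the service is restarted.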
