Secure Shell (SSH) is a network protocol primarily used for encrypting connections between a client and a server. Each interaction between the client and server is encrypted.
This tutorial explains how to enable SSH on an Ubuntu machine.
Enabling SSH will allow you to remotely connect to your system and perform administrative tasks. You will also be able to securely transfer files through scp and sftp.
1. Enabling SSH on Ubuntu
By default, remote access via SSH is not allowed when Ubuntu is first installed. Enabling SSH on Ubuntu is straightforward.
As a root or other sudo user, follow these steps to install and enable SSH on your Ubuntu system.
(1) Open a terminal using Ctrl+Alt+T and install the OpenSSH-server package:
sudo apt update
sudo apt install openssh-server
When prompted, enter your password and press Enter to continue the installation.
(2) Once the installation is complete, the SSH service will be automatically started. You can verify if SSH is running by entering:
sudo systemctl status ssh
The output will tell you that the service is running and enabled at boot:
● ssh.service - OpenBSD Secure Shell server
Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2020-06-01 12:34:00 CEST; 9h ago
Press q to return to the command line.
(3) Ubuntu comes with a firewall configuration tool called UFW. If the firewall is enabled on your system, make sure to open the SSH port:
sudo ufw allow ssh
Now you can connect to your Ubuntu system via SSH from any remote machine. Linux and macOS systems come with an SSH client installed by default. To connect from a Windows machine, use an SSH client such as PUTTY.
2. Connect to SSH Server
To connect to your Ubuntu machine within a local network, enter the ssh command in the following format, along with your username and IP address.
Make sure to replace
username with your username and
ip_address with the IP address of the Ubuntu machine where SSH is installed.
If you don't know your IP address, you can easily find it using the
From the output, you can see that the system's IP address is 10.0.2.15.
Once you have found the IP address, log in to the remote machine by running the following ssh command:
When you connect for the first time, you will see the following message:
The authenticity of host '10.0.2.15 (10.0.2.15)' can't be established. ECDSA key fingerprint is SHA256:Vybt22mVXuNuB5unE++yowF7lgA/9/2bLSiO3qmYWBY. Are you sure you want to continue connecting (yes/no)?
yes and you will be prompted to enter your password:
Warning: Permanently added '10.0.2.15' (ECDSA) to the list of known hosts. [email protected]'s password:
Once you enter your password, you will see the default Ubuntu message:
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-26-generic x86_64)
* Documentation: https://help.ubuntu.com
* Management: https://landscape.canonical.com
* Support: https://ubuntu.com/advantage
You can now log in to your Ubuntu machine.
3. Connecting to SSH behind NAT
To connect to your Ubuntu machine over the internet, you will need to know your public IP address and configure your router to receive port 22 data and send it to the Ubuntu machine running SSH.
To obtain the public IP of the machine you are attempting to SSH into, access the URL https://api.ipify.org from that machine.
When setting up port forwarding, each router has a different way of setting up port forwarding. You should refer to your router's documentation for information on how to set up port forwarding. In general, you should enter the SSH port number you set up earlier, which is 22, and the private IP address of the server.
Once you have found the IP address and configured your router, enter:
If you expose your machine to the internet, it's best to take some security measures. The most basic measure is to configure your router to accept SSH traffic on a non-standard port and forward it to port 22 on the machine running the SSH service.
You can also set up SSH key-based authentication, which allows you to connect to your Ubuntu machine without using a password.
4. Disabling SSH on Ubuntu
To disable the SSH server on your Ubuntu system, simply stop SSH by typing:
sudo systemctl disable --now ssh
Later, you can re-enable it by typing:
sudo systemctl enable --now ssh
We have shown you how to install and enable SSH on your Ubuntu 20.04. Now you can log into your machine and perform sysadmin tasks through the command line.
If you manage multiple systems, you can streamline your workflow by defining all your connections in the SSH configuration file. Changing the default SSH port will make your system more secure and reduce the risk of automated attacks.