Install and configure SSH Server on Ubuntu Server

Preparations before installation

Ubuntu is easy to use because it inherits debian's apt system. We believe you have learned this in the installation system tutorial. However, apt depends on the network. The system we installed yesterday cannot be connected to the network for the time being. We need to set it up first.

First, activate the NIC of the server. The command is as follows:

Sudo nano/etc/network/interfaces

Add the following content to interfaces:

Auto eth0 iface eth0 inet static address 202.113.235.181 netmask 255.255.255.0 gateway 202.113.235.1 here, the IP address marked in the Italic part is the setting of our server. You need to modify it according to your actual situation. Of course, if your server uses DHCP to allocate IP addresses, you only need to write iface eth0 inet dhcp. You do not need to set address/netmask/gateway.

Then, modify resolv. conf to configure the DNS server:

Sudo nano/etc/resolv. conf

Add your DNS server address:

After nameserver 202.113.16.10 nameserver 202.113.16.11 is complete, restart the networking service:

Sudo/etc/init. d/networking restart

In this way, the network can be connected. If you are using ADSL, you may need to install pppoe and other things. Considering that the server rarely uses such a configuration, we will not discuss it here. If you need it, you can find it online.

Install and set OpenSSH Server

Installing OpenSSH Server in Ubuntu is very easy. Only one command is required:

Sudo apt-get install openssh-server

Later, Ubuntu automatically downloads and installs openssh server, and resolves all dependencies. After completing this operation, you can find another computer and then use an SSH client (PuTTy is strongly recommended) to enter the IP address of your server. If everything is normal, you can connect later. You can log on with the existing user name and password.

In fact, if you have no special requirements, you can install OpenSSH Server here. However, further setting can shorten the OpenSSH logon time and improve security. All of this is implemented by modifying the openssh configuration file sshd_config.

First, you may find that it takes a long time to prompt you to enter the password after entering the user name. In fact, this is because sshd needs to reverse query the dns information of the client. We can disable this feature to greatly increase the logon speed. First, open the sshd_config file:

Sudo nano/etc/ssh/sshd_config

Find the GSSAPI options section and comment out the following two lines:

# GSSAPIAuthentication yes # GSSAPIDelegateCredentials no and restart the ssh service:

Sudo/etc/init. d/ssh restart

Try again. It should be very fast.

Use PuTTy to log on to the server through certificate authentication

In the SSH service, all content is encrypted and secure. However, if you can use the Certificate for authentication, the security will be further improved, and after some settings, you can also achieve the effect of automatic login for certificate authentication.

First, modify the sshd_config file to enable the certificate authentication option:

RSAAuthentication yes PubkeyAuthentication yes AuthorizedKeysFile % h/. ssh/authorized_keys after modification is completed, restart the ssh service. Next, we need to create a private key and a public key for the SSH user. First, you need to log on to the account that requires key establishment. Here, you must exit the root user. If necessary, use the su command to switch to another user. Then run:

Ssh-keygen

Here, we can store the generated key in the default directory. The passphrase will be prompted During the creation process, which is equivalent to adding a password to the certificate, which is also a measure to improve security, so even if the certificate is accidentally copied away, It is not afraid. Of course, if this field is left blank, PuTTy will automatically log on to the system after passing the certificate authentication.

 

The ssh-keygen command generates two keys. First, we need to rename the public key to the server:

Cd ~ /. Ssh mv id_rsa.pub authorized_keys, copy the private key id_rsa from the server, and delete the id_rsa file on the server.

The settings on the server are complete. The following steps need to be done on the client computer. First, we need to convert the id_rsa file to the format supported by PuTTy. Here we need to use the PuTTyGEN tool:

Click the Load button on the PuTTyGen interface, select the id_rsa file, enter passphrase (if any), and then click Save PrivateKey. The private key accepted by PuTTy is ready.

Open PuTTy, enter the Server IP address in the Session, click the Browse button under Connection-> SSH-> Auth, and select the generated private key. Return to the Connection option and enter the User Name of the certificate in Auto-login username. Return to the Session tab and enter a name to Save the Session. Click Open at the bottom to log on to the server through certificate authentication. If passphrase exists, passphrase is required during the logon process. Otherwise, it is very convenient to log on directly to the server.