Remote Access using SSH

What is SSH?

SSH (Secure Shell) is a network protocol that allows you to securely connect to a remote server over an unsecured network. It is used to execute commands on a remote server and to transfer files to and from a remote server.

Setting Up a Firewall

If you are exposing your Linux server to the internet, it is important to set up a firewall to protect it from unauthorized access. Ubuntu Linux ships with a firewall called ufw (Uncomplicated FireWall) that is easy to configure.

To enable the ufw firewall, run:

sudo ufw enable

You can check the status of the firewall with this command:

sudo ufw status

Enable Remote Login with SSH

To enable remote login with SSH, you need to install the openssh-server package.

To install the openssh-server package, run:

sudo apt update
sudo apt install openssh-server

Allow SSH traffic through the ufw firewall:

sudo ufw allow ssh

Security Recommendations

Disable Logging in as Root User

It is recommended to disable logging in as the root user because it is a common target for brute-force attacks.

To disable root login, open the SSH daemon configuration file:

sudo nano /etc/ssh/sshd_config

Find the line that contains PermitRootLogin and modify it to ensure that users can only connect with their own credentials:

PermitRootLogin no

Restart the SSH daemon:

sudo systemctl restart sshd

Set Up SSH Key-Based Authentication

SSH key-based authentication is more secure than password-based authentication because it is not vulnerable to password brute-force attacks.

Setting up SSH key-based authentication involves generating a public-private key pair on your local machine and copying the public key to the remote server.

To generate a new SSH key pair, run (on your local machine):

ssh-keygen

To copy the public key to the remote host, run (on your local machine):

ssh-copy-id username@remote_host

Disabling Password Authentication

To disable password authentication, open the SSH daemon configuration file (on the remote server):

sudo nano /etc/ssh/sshd_config

Find the line that contains PasswordAuthentication and modify it so that users can only connect with an SSH key, not a password:

PasswordAuthentication no

Restart the SSH daemon (on the remote server):

sudo systemctl restart sshd

Test the new configuration by logging in without a password (on your local machine):

ssh username@remote_host

Changing the SSH Port

Changing the SSH port is a good idea because it makes it harder for attackers to find your SSH port and launch brute-force attacks.

To change the SSH port, open the SSH daemon configuration file (on the remote server):

sudo nano /etc/ssh/sshd_config

Find the line that contains Port and modify it to the desired port number:

Port 7777

Restart the SSH daemon (on the remote server):

sudo systemctl restart sshd

Test the new configuration by logging in with the new port number (on your local machine):

ssh username@remote_host -p 7777
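
Editing /etc/ssh/sshd_config does not guarantee the running daemon uses those values, because a drop-in file under /etc/ssh/sshd_config.d/ can override the line you changed. The script below is an added example, not part of the original guide: it checks the effective settings printed by sshd -T against the three recommendations above. The function name audit_sshd and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit effective sshd settings against this guide's
# recommendations (PermitRootLogin no, PasswordAuthentication no, custom Port).
# Input on stdin: output of `sshd -T` (lowercase "keyword value" lines).
# $1: the port sshd is expected to listen on (7777 in this guide).
# Prints one FAIL line per deviation; returns 0 if clean, 1 otherwise.
audit_sshd() {
    awk -v want_port="$1" '
        function fail(msg) { print "FAIL " msg; fails++ }
        { key = tolower($1); val = tolower($2); seen[key] = val }
        key == "port" { ports = ports " " val }   # sshd may listen on several ports
        END {
            if (seen["permitrootlogin"] != "no")
                fail("permitrootlogin=" seen["permitrootlogin"] " (want no)")
            if (seen["passwordauthentication"] != "no")
                fail("passwordauthentication=" seen["passwordauthentication"] " (want no)")
            if (seen["pubkeyauthentication"] != "yes")
                fail("pubkeyauthentication=" seen["pubkeyauthentication"] " (want yes)")
            if (index(ports " ", " " want_port " ") == 0)
                fail("port=" substr(ports, 2) " (want " want_port ")")
            exit (fails > 0)
        }'
}

# Constructed sample of `sshd -T` output for an unhardened host
# (not captured from a real server).
SAMPLE='port 22
permitrootlogin prohibit-password
passwordauthentication yes
pubkeyauthentication yes'

# Demo on the constructed sample. On a real server, replace this line with:
#   sudo sshd -T | audit_sshd 7777
printf '%s\n' "$SAMPLE" | audit_sshd 7777 || true
```

The rule added earlier with sudo ufw allow ssh covers port 22 only, so a server moved to port 7777 also needs sudo ufw allow 7777/tcp before sshd is restarted.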
