OpenSSH is a freely-available version of the Secure Shell (SSH) protocol family of tools for remotely controlling, or transferring files between, computers.
This guide will cover the installation and setup of OpenSSH on Ubuntu Server 16.04 LTS.
It is recommended to update packages before beginning.
sudo apt updatesudo apt upgradeInstalling OpenSSH
Install the OpenSSH client.
sudo apt install openssh-clientInstall the OpenSSH server.
sudo apt install openssh-serverConfiguring OpenSSH
Copy the /etc/ssh/sshd_config file and protect it from writing with the following commands, issued at a terminal prompt:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.originalsudo chmod a-w /etc/ssh/sshd_config.originalThis creates a backup of the original configuration for future reference.
Open the /etc/ssh/sshd_config file in the editor of your preference.
sudo nano /etc/ssh/sshd_configTo configure OpenSSH to listen on a TCP port other than the default (TCP port 22), change the Port directive:
Port 2222To have sshd allow public key-based login credentials, simply add or modify the line:
PubkeyAuthentication yesIf the line is already present, then ensure it is not commented out.
To disallow login by the root user over SSH, change the PermitRootLogin directive:
PermitRootLogin noTo make your OpenSSH server display the contents of the /etc/issue.net file as a pre-login banner, simply add or modify the line:
Banner /etc/issue.netSave the file and exit the editor.
After making changes to the /etc/ssh/sshd_config file, save the file, and restart the sshd server application to effect the changes using the following command at a terminal prompt:
sudo systemctl restart sshd.serviceCheck the contents of the /etc/issue.net file.
sudo nano /etc/issue.netYou may want to insert something like this instead:
***************************************************************************
NOTICE TO USERS
This computer system is the private property of its owner, whether
individual, corporate or government. It is for authorized use only.
Users (authorized or unauthorized) have no explicit or implicit
expectation of privacy.
Any or all uses of this system and all files on this system may be
intercepted, monitored, recorded, copied, audited, inspected, and
disclosed to your employer, to authorized site, government, and law
enforcement personnel, as well as authorized officials of government
agencies, both domestic and foreign.
By using this system, the user consents to such interception, monitoring,
recording, copying, auditing, inspection, and disclosure at the
discretion of such personnel or officials. Unauthorized or improper use
of this system may result in civil and criminal penalties and
administrative or disciplinary action, as appropriate. By continuing to
use this system you indicate your awareness of and consent to these terms
and conditions of use. LOG OFF IMMEDIATELY if you do not agree to the
conditions stated in this warning.
****************************************************************************