Ubuntu Linux OpenSSH Server installation and configuration

last updated in Categories , , , ,

Q. I have just installed Ubuntu 6.06 and I would like to allow remote login to my system from home via ssh. How do I install and configure SSH server?

A. OpenSSH is a FREE version of the SSH connectivity tools that technical users of the Internet rely on. Users of telnet, rlogin, and ftp may not realize that their password is transmitted across the Internet unencrypted, but it is. OpenSSH encrypts all traffic (including passwords) to effectively eliminate eavesdropping, connection hijacking, and other attacks. Additionally, OpenSSH provides secure tunneling capabilities and several authentication methods, and supports all SSH protocol versions.

Ubuntu SSHD Installation

Type the following two command to install both ssh client and server:
# sudo apt-get install openssh-server openssh-client

SSHD Configuration

To be frank your server is ready by default. Just test it from your home computer or from same system with the command:
# ssh localhost
OR
# ssh user@your-server-ip-address

How do I use ssh client?

Assuming that your server hostname is userver.mydomain.com and username is vivek, you need to type the following command:
# ssh vivek@userver.mydomain.com
To stop ssh server, enter:
# sudo /etc/init.d/ssh stop
To start sshs server, enter:
# sudo /etc/init.d/ssh start
To restart ssh server, enter:
# sudo /etc/init.d/ssh restart

See also:

Restrict ssh access using Iptable

last updated in Categories ,

Q. How do I stop or restrict access to my OpenSSH (SSHD) server using Linux iptables based firewall?

A. Linux iptables firewall can be use to block or restrict access to ssh server. Iptables command is used to set up, maintain, and inspect the tables of IP packet filter rules in the Linux kernel. However, you can also use tcpd, access control facility for internet services.

Use iptables to Restrict ssh access

Following is simple rule that block all incoming ssh access at port 22
iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP

However in real life you need to use something as follows. Let us assume that your ssh server IP address is 195.55.55.78, remember ssh server use TCP port 22 for all incoming connection. With iptables you can block all incoming connection at port 22 with following two rules:

iptables -A INPUT -p tcp -s 0/0 --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP
iptables -A OUTPUT -p tcp -s 195.55.55.78 --sport 22 -d 0/0 --dport 513:65535 -m state --state ESTABLISHED -j DROP

If you just want to deny access to group of IPS then you need to add following rules to your script:
IPS="202.54.1.20 64.66.44.22 64.66.44.25"
for i in $IPS
do
iptables -A INPUT -p tcp -s 0/0 -s $i --sport 513:65535 -d 195.55.55.78 --dport 22 -m state --state NEW,ESTABLISHED -j DROP
iptables -A OUTPUT -p tcp -s 195.55.55.78 --sport 22 -d $i --dport 513:65535 -m state --state ESTABLISHED -j DROP
done

Add all of above rules to your iptables firewall shell script (do not type @ shell prompt)

See also: