How to Install & Use SSH Service in Ubuntu 24.04

This simple tutorial shows how to enable and setup Secure Shell (SSH) service in Ubuntu 24.04, so you can login remotely and transfer files securely in command console.

Debian and Ubuntu use OpenSSH (OpenBSD Secure Shell) to provide secure shell channel for making changes, transferring data, and performing other operations on server from a client remotely.

The SSH service is NOT enabled by default. And, here I’m going to how to enable and configure it in Ubuntu 24.04

Step 1: Install OpenSSH Server

First connect to your Ubuntu server, or press Ctrl+Alt+T to open up a terminal window on Ubuntu Desktop.

When terminal opens, run command to refresh system package cache:

Advertisements
sudo apt update

Then, install the SSH server via command:

sudo apt install ssh

For choice, you may use sudo apt install openssh-server command that will do the same thing.

Step 2: Configure Listening Port, Authentication, etc

Since Ubuntu 22.10, OpenSSH is configured to use systemd socket activation by default. Meaning that the ssh service will be NOT started until an incoming connection is received.

This can save at least 3MiB of memory, which is useful when running multiple Ubuntu instances in VMs or LXD containers.

Due to this change, Port and ListenAddress etc changes in /etc/ssh/sshd_config did NOT work. User had to either edit config files under /etc/systemd/system/ssh.socket.d instead, or revert to the previous non-socket-activated behavior.

In Ubuntu 24.04, user again can edit the /etc/ssh/sshd_config file to configure SSH. The only change is re-starting the socket instead of ssh.service for applying changes.

And, to edit the file, run command:

sudo nano /etc/ssh/sshd_config

When the file opens, remove “#” at the beginning for any line you want to enable, then change the value according to your need. For example:

  • Set Port 12345 to listen on port 12345 instead of default 22.
  • Set listening IP address ListenAddress 172.67.181.180 if more than one available. By default, all the server IP addresses are allowed for SSH connection.
  • LoginGraceTime 30 – set 30s timeout waiting for a password.
  • PermitRootLogin no – disable root login.
  • MaxAuthTries 3 – max authentication failures.
  • PasswordAuthentication no – disable password login. In the case, you need to enable a key-based authentication.

For more, see the official SSH documentation.

Step 3: Apply SSH Server Config Changes

After making changes, press Ctrl+S to save and Ctrl+X to exit for nano command line text editor.

Then, as mentioned, restart the socket instead to apply changes:

sudo systemctl daemon-reload
sudo systemctl restart ssh.socket

In my case, I change the port number to 12345, which can be verified by running systemctl status ssh.socket command.

Step 4: Open the listening port in firewall

If you changed the SSH port and enabled firewall (firewall is NOT enabled by default in Ubuntu Desktop), then run command to allow the new port:

sudo ufw allow 12345

Change number 12345 to yours. Then, verify by running command:

sudo ufw status verbose

Step 5: Use SSH to Login Remotely or Transfer Data

Finally, you can run the ssh command to connect to a remove server. For example:

ssh [email protected] -p 22345

In the command:

  • ji is the username in remote server here I’m trying to log in with. Replace to yours.
  • 192.168.0.107 is the remote server’s IP address. Replace it to yours.
  • -p 22345 specifies the port. Change the number, or skip it if the default port 22 in use.

To upload file from local to remote SSH server, use command for example:

scp -P 22345 ~/Downloads/librivox.zip [email protected]:~/Documents

In the case, it will upload the librivox.zip file from my local Downloads folder to remote server’s Documents folder for ji.

To download file from remote, run command for example:

scp -P 22345 [email protected]:~/Documents/librivox.zip ~/Downloads

It will download the librivox.zip file from remote ji’s Documents folder, to my local Downloads folder.

For more about using SSH command, see the official documentation.