How to Set Up SSH on an Ubuntu 16.04 VPS or Dedicated Server

Generate SSH Key Pair in Your Linux Machine

In this tutorial, we demonstrate how to ssh into a remote Ubuntu 16.04 server using private key authentication from any Linux local machine, in this case, CentOS 7.

Special Note: if you are looking for a safer, more secure web hosting service, consider the top Linux hosting services shown on HostAdvice, with expert and user reviews included.

Special Note: SSH is installed by default on Ubuntu. However, if it’s not installed for some reason, you can install using this command:

$ sudo apt-get install openssh-server
$ ssh-keygen

Confirm that ssh key-pair id_rsa and id_rsa.pub has been produced at the user’s home directory /home/linuxuser/.ssh.

Copy the SSH Public Key in the Remote Ubuntu 16.04 Server

First Option: Use ssh-copy-id

Run the command.

$ ssh-copy-id linuxuser@ubuntu16-hostadvice

This option copies and adds the public key (id_rsa.pub) automatically to the remote user’s home directory’s .ssh/authorized_keys file. You can confirm this by logging into the remote Ubuntu 16.04 server and opening the user’s home directory .ssh/authorized_keys file using an editor like vim or nano.

Second Option: Copy the Public Key Manually

First, create the directory named “.ssh” in the home folder of remote user account “linuxuser”.

$ mkdir -p ~/.ssh

OR

$ mkdir -p /home/linuxuser/.ssh

Then, create a file named “authorized_keys” by running the command.

$ nano ~/.ssh/authorized_keys

Then paste the public key from the clipboard into nano editor and save by pressing “Ctrl-O”.
Set the correct permissions of the directory and file.

$ chmod 700 ~/.ssh
$ chmod 600 ~/.ssh/authorized_keys

Then, restart the sshd service.

$ sudo systemctl restart sshd

Now, test if the ssh key pair is really working.

Test ssh key pair functionality

Log into the remote Ubuntu 16.04 from the Centos 7 local machine.

$ ssh -i ~/.ssh/id_rsa linuxuser@ubuntu16-hostadvice

OR simply

$ ssh linuxuser@ubuntu16-hostadvice

Upon successful authentication and login, you should be in your remote user’s terminal.

Since it’s verified that the ssh key-pair is working as required, it’s a BEST practice to disable password authentication in the server by editing the ssh configuration file “sshd_config”.  This is to eliminate any risk of brute force attack via password cracking.

Edit the sshd_config file

Let’s edit the configuration file by running command:

$ sudo vim /etc/ssh/sshd_config

See figure 13. Set value of PasswordAuthentication to “no”

PasswordAuthentication no

Modify settings in sshd_config

Uncomment and set other important settings in the config file as follows and save the file. (See figure 13)

PubkeyAuthentication yes
AuthorizedKeyFile    .ssh/authorized_keys
ChallengeResponseAuthentication no

Restart the sshd service to enable the changes in the config file by running the command.

$ sudo systemctl restart sshd

From now on, it’s possible to log into the server using ssh keys ONLY and NOT A PASSWORD.

This is not yet over. The UFW (Uncomplicated Firewall) has to be set up to filter ssh through the firewall.

Configure ufw (Uncomplicated Firewall) for ssh

Check if UFW is installed:

$ dpkg -l | grep ufw

If ufw is listed, then it’s already installed.

Special Note: By-default, ufw is usually installed in Ubuntu, however if for some reasons it’s not there you can install using :

$ sudo apt-get install ufw

Check if OpenSSH is one the applications with a registered profile on UFW.

$ sudo ufw app list

From the output, OpenSSH is the only application with a registered profile on UFW

$ sudo ufw app list

Ensure the firewall allows SSH connections

$ sudo ufw allow OpenSSH

Reload the firewall and enable it on boot

$ sudo ufw enable

Confirm that SSH connection is allowed through UFW

$ sudo ufw status

From the output, UFW is enabled and SSH connections are allowed via UFW firewall.

 

You can learn more about web hosting security in HostAdvice’s guide to hosting security.

 

Check out the top 3 Dedicated server hosting services:

HostArmada
$2.49 /mo
Starting price
Visit HostArmada
Rating based on expert review
  • User Friendly
    4.5
  • Support
    4.5
  • Features
    4.5
  • Reliability
    4.5
  • Pricing
    4.0
A2 Hosting
$2.99 /mo
Starting price
Visit A2 Hosting
Rating based on expert review
  • User Friendly
    4.5
  • Support
    4.0
  • Features
    4.5
  • Reliability
    4.8
  • Pricing
    4.0
Kamatera
$4.00 /mo
Starting price
Visit Kamatera
Rating based on expert review
  • User Friendly
    3.5
  • Support
    3.0
  • Features
    3.9
  • Reliability
    4.0
  • Pricing
    4.3

How To Set Up SSH for an Ubuntu 16.04 VPS From a Linux Client

How to set up ssh private key authentication on an Ubuntu 16.04 server with a Li
2 min read
Max Ostryzhko
Max Ostryzhko
Senior Web Developer, HostAdvice CTO

How to Set Up SSH for your Ubuntu 18.04 VPS or Dedicated Server

This how-to article shows you how to create a public and a private key for acces
4 min read
Arvind Singh
Arvind Singh
Hosting Expert

How to Connect to a Server by Using SSH on Linux and Mac

Most servers in the world are run on Linux servers. They’re dependable, afford
4 min read
Eliran Ouzan
Eliran Ouzan
Web Designer & Hosting Expert

How to Install a Self-Signed SSL Certificate on Your Ubuntu 18.04 VPS or Dedicated Server

This how-to article will teach you how to create a self-signed SSL certificate o
3 min read
Michael Levanduski
Michael Levanduski
Expert Hosting Writer & Tester
HostAdvice.com provides professional web hosting reviews fully independent of any other entity. Our reviews are unbiased, honest, and apply the same evaluation standards to all those reviewed. While monetary compensation is received from a few of the companies listed on this site, compensation of services and products have no influence on the direction or conclusions of our reviews. Nor does the compensation influence our rankings for certain host companies. This compensation covers account purchasing costs, testing costs and royalties paid to reviewers.