Search Authority

Ubuntu Enable sshd: Secure Your Server Now

Enabling the SSH service on Ubuntu systems allows secure remote administration and automation workflows directly from the network. This guide walks through practical steps, conf...

Mara Ellison Jul 11, 2026
Ubuntu Enable sshd: Secure Your Server Now

Enabling the SSH service on Ubuntu systems allows secure remote administration and automation workflows directly from the network. This guide walks through practical steps, configuration details, and operational best practices for activating and hardening sshd access.

Use the following table for a concise overview of service status, ports, configurations, and security recommendations when you enable sshd on Ubuntu.

Aspect Default Value Recommended Secure Value Notes
Service Name ssh ssh Managed by systemd as ssh.service
Listening Port 22/tcp Custom high port (e.g., 2222–65535) Avoid well-known ports only if you have firewall rules
Protocol 2 2 SSHv1 is deprecated; keep Protocol 2
PermitRootLogin prohibit-password no Disable direct root login; use sudo instead
PasswordAuthentication yes no Use SSH keys with passphrases for stronger auth
X11Forwarding no no Set to yes only if GUI forwarding is explicitly needed
MaxAuthTries 6 3–4 Lower values reduce brute-force window
AllowUsers / AllowGroups All authenticated users Specific users or groups Limit access to required admin and deploy accounts

Enable and Start sshd on Ubuntu

Before any configuration, ensure the OpenSSH server package is installed and the service is actively running. On Ubuntu, the systemd unit manages sshd lifecycle and integrates with the firewall.

Use systemctl to check current status and then enable sshd to start at boot, followed by starting it immediately if the server is already configured for remote access.

Configure sshd Securely

Once enabled, apply security-focused changes to the main sshd configuration file located at /etc/ssh/sshd_config. These adjustments help reduce exposure and enforce least-privilege access.

Apply options such as disabling root login, enforcing key-based authentication, and narrowing allowed users or groups to control who can reach the system over SSH.

Firewall and Port Management

After you enable sshd, align your firewall rules with the chosen SSH port and administrative policies. Ubuntu commonly uses ufw, which provides a straightforward interface for allowing service entries and restricting source addresses.

Restrict SSH access to administration networks or bastion hosts when possible, and avoid broad rules that expose the service to the entire internet without additional protections.

Service Monitoring and Maintenance

Ongoing maintenance includes verifying configuration syntax, monitoring authentication logs, and rotating keys when personnel or automation accounts change. Regular reviews of active connections and PermitEmptyPasswords settings help maintain a resilient posture.

Plan updates to the OpenSSH package alongside system patches, and validate service behavior after each modification to prevent accidental lockouts or disruptions.

Operational Best Practices and Key Takeaways

  • Always enable and start sshd with systemctl to integrate cleanly with Ubuntu service management.
  • Apply secure defaults in sshd_config, including key-based auth and disabling root login.
  • Align firewall rules with your chosen SSH port and scope allowed sources tightly.
  • Monitor logs and rotate credentials regularly to detect or prevent unauthorized access.
  • Validate changes in a maintenance window or via console access to avoid accidental lockouts.

FAQ

Reader questions

How do I enable sshd at boot and start it right now on Ubuntu?

Run sudo systemctl enable ssh to configure the service for automatic start, then sudo systemctl start ssh to launch it immediately, and sudo systemctl status ssh to verify it is active.

What is the default SSH port on Ubuntu and should I change it?

The default SSH port is 22; changing it can reduce automated noise, but rely on firewall rules and hardening instead of port obscurity for real security.

How can I restrict SSH access to specific users on Ubuntu?

Use AllowUsers or AllowGroups in /etc/ssh/sshd_config and reload sshd so only the specified accounts or groups can authenticate over SSH.

Why does my Ubuntu server not accept SSH connections after I changed the config?

Check syntax with sudo sshd -t, verify the firewall allows the listening port, ensure sshd is running via systemctl status ssh, and inspect logs in /var/log/auth.log for authentication or listening issues.

Related Reading

More pages in this topic cluster.

Baby Growth Spurts: Navigating Rapid Developmental Leaps

Baby growth spurts are rapid increases in weight and length that can transform a sleepy newborn into a more demanding, fussier feeder almost overnight. These short but intense p...

Read next
Olecranon Process Anatomy: The Elbow's Key Bone Structure

The olecranon process is the prominent bony point of the elbow, forming the upper extremity of the ulna. It functions as a lever arm that transmits forces from the triceps muscl...

Read next
Mastering Economics Current Account: Balance, Trade & Prosperity

The economics current account captures a nation's net transactions with the rest of the world, including trade in goods and services, primary income, and secondary transfers. Un...

Read next