Nation Now Samachar

Simple SSH Access Guide for Ubuntu 22.04 (For Beginners & Non-Tech Users)

SSH (Secure Shell) is the standard way to securely log into and manage a remote Linux server. Unlike older tools like telnet or rcp, SSH encrypts all traffic, including passwords, making remote sessions much safer. This cheat sheet covers the essentials for Ubuntu 22.04: finding your server’s IP, installing and enabling SSH, connecting locally vs. over the Internet, managing user accounts, finding your username, obtaining root privileges safely, installing the Cockpit web dashboard, troubleshooting common SSH issues, and best security practices.

Use these sections as a quick reference. Remember that most commands should be run on the Ubuntu 22.04 server itself (in its terminal or via a connected console), unless noted otherwise.

1. Finding Your Server’s IP Address

To SSH into a server, you need its IP. The IP can be private (LAN) for local network access or public for Internet access. On your Ubuntu server, open a terminal and use these commands:

  • For Wired LAN: Run ip a | grep "inet " | grep -v "127.0.0.1" This lists IP addresses on Ethernet interfaces. Look for an address like 192.168.x.x or 10.x.x.x – this is the server’s local network IP.
  • For Wi-Fi: Use the same command: ip a | grep "inet " | grep -v "127.0.0.1" The output will include an inet line under your Wi-Fi interface (e.g. wlan0). The inet address (e.g. 192.168.x.x) is the server’s LAN Wi-Fi IP.
  • For Public (Internet) IP: Your ISP provides a public IP (or you may use a domain name pointing to it). From the server’s shell, you can find the public IP by running: curl ifconfig.me This command queries an external service to show the server’s Internet-facing IP address.

⚠️ Caution: Exposing SSH to the Internet (using the public IP) is inherently riskier. Always protect such access with strong authentication (strong passwords or SSH keys) and a firewall.

2. Installing & Setting Up SSH

If SSH isn’t already set up on your Ubuntu 22.04 server, install it from the official repositories:

  1. Update package lists and install OpenSSH server: sudo apt update && sudo apt install openssh-server -y This installs the OpenSSH server daemon (sshd) and client tools. Ubuntu typically includes the SSH client by default, but this ensures the server component is present.
  2. Enable and start SSH: After installation, make sure the SSH service is active: sudo systemctl enable --now ssh This command enables sshd to start on boot and starts it immediately. You can check its status with: sudo systemctl status ssh If it’s running, you’ll see an “active (running)” status. If not active, the above enable --now command ensures it starts.
  3. Verify SSH is listening:
    The server should now accept SSH connections on the default port (22). You can confirm with: sudo ss -tulnp | grep sshd or sudo netstat -tulnp | grep 22 This shows if sshd is listening on port 22/TCP. (Note: you may need to install net-tools for netstat.)

With SSH installed and running, the server is ready to accept SSH logins.

3. Local vs. Global SSH Access

Local Access (Same Network):

  • Where it works: Only within your home/office LAN.
  • IP used: A private IP like 192.168.x.x or 10.x.x.x.
  • Risk: Lower risk since outsiders can’t see your LAN IP.
  • Example: If the server’s LAN IP is 192.168.1.100, you’d connect from another device on the LAN with: ssh user@192.168.1.100
  • When to use: Good for quick access or within VPNs.

Global Access (Over Internet):

  • Where it works: From anywhere (home, cafe, mobile, etc.) via the server’s public IP or domain.
  • IP used: Your public IP (e.g. 123.45.67.89) or a domain name pointing to it (e.g. server.example.com).
  • Risk: Higher – exposes SSH to the Internet.
  • Example: If your server’s domain is myserver.example.com, connect with: ssh user@myserver.example.com
  • Security: Since it’s exposed, you must harden SSH:
    • Change SSH port: Instead of default 22, pick a high unused port (e.g. 2222) in /etc/ssh/sshd_config.
    • Use SSH keys: Disable password logins and use SSH public-key authentication.
    • Firewall: Allow only the chosen SSH port. For example, with UFW: sudo ufw allow 2222 (or allow ssh if using port 22).

These precautions help prevent unauthorized logins. Always monitor access logs and consider tools like fail2ban to block repeated failed attempts.

4. User Management

Managing user accounts is key to secure SSH access. Do not share the root password with anyone. Instead, create separate users with limited rights, and give them sudo (admin) privileges if needed.

  • Create a new user: On the Ubuntu server, run: sudo adduser newusername Replace newusername with the desired name. You’ll be prompted to set a password and (optionally) fill in user info.
  • Give admin (sudo) access: To allow the new user to run commands as root, add them to the sudo group: sudo usermod -aG sudo newusername or equivalently: sudo adduser newusername sudo Members of the sudo group have full sudo privileges by default. The -aG option in usermod appends the user to the group without removing other group memberships.
  • Remove a user: If you need to delete a user and optionally their files:
    • To delete only the user account: sudo deluser username
    • To delete the user and their home directory and mail spool, use: sudo deluser --remove-home username This ensures no personal files are left behind.

Example: To create an admin user alice, you might do:

sudo adduser alice
sudo usermod -aG sudo alice

Now alice can use sudo to run admin commands.

After creating a new sudo user, you can switch to them with su - alice or simply SSH in as that user.

5. Finding Your Username and Other User Info

When SSHing, you must specify which user to log in as (e.g. ssh alice@server). To avoid confusion, here’s how to find your own username and related info on Ubuntu:

  • Check current username: The simplest way is: whoami This prints the username of the current user. Alternatively: id -un or echo $USER All show your login name (e.g., ubuntu or root).
  • List all users on the system: To see every user account defined on the server, list /etc/passwd. For a clean list of names only, run: cut -d: -f1 /etc/passwd This uses the cut command to extract the first field (username) from each line in /etc/passwd. It will output system and normal users (e.g. root, www-data, youradmin, etc.). Alternatively: getent passwd | cut -d: -f1 which shows the same information including any users from other account sources.
  • Check sudo/admin rights: To verify if your user can use sudo, run: sudo -l
    • If you have sudo privileges, this will list the commands you can run or simply say (ALL) ALL for full rights.
    • If you lack sudo, it will report something like: [youruser] is not in the sudoers file.
  • See who is currently logged in: Use who or w: who or w These commands show all users logged in right now and their login times. For example, w also shows where they’re logged in from.
  • Forgot your username? If you’re already on the server but forgot your name, the terminal prompt often shows user@hostname. You can still run whoami. If you’re completely locked out, you would need admin/root access to recover or reset an account.

Quick Cheat Sheet – Username Commands:

CommandWhat It Does
whoami (or id -un)Displays your current username
cut -d: -f1 /etc/passwdLists all user account names
sudo -lShows if and how you can use sudo
who or wShows logged-in users and their IPs

Always note your SSH username. When connecting (e.g. ssh alice@server_ip), “alice” must be a valid user on the server. If uncertain, use whoami on the server as a precaution.

6. Accessing with Full Power (Root Access)

⚠️ Warning: The root user has unlimited power. Using root directly (especially over SSH) is risky. On Ubuntu, root login is disabled by default. Instead, the recommended practice is to log in as a normal user and use sudo when elevated privileges are needed. This provides an audit trail of commands and prevents accidental system damage.

  • Direct root login (not recommended): If your server’s root account is enabled and SSH permits it, you could do: ssh root@server_ip You’d then use the root password. However, Ubuntu disables this by default for security. Most guides advise against enabling it. If you do need root, better to use sudo as described next.
  • Become root after login: A safer method is to SSH in as your normal (sudo) user, then switch to root: ssh alice@server_ip # once logged in as alice: sudo -i or sudo -s This prompts for your user’s password and then gives you a root shell (# prompt). The system logs which user invoked sudo, so actions can be traced.

In summary, do things as root only when absolutely necessary. Use sudo for admin tasks and log out of the root shell (exit) when done. This minimizes the risk of accidental system-wide changes. Keep root login disabled (PermitRootLogin no in /etc/ssh/sshd_config).

7. Extra: Cockpit (Easy Web Dashboard)

Cockpit is a user-friendly web-based interface for system management. It’s not SSH but a useful bonus for visual control. To install Cockpit on Ubuntu 22.04:

sudo apt update
sudo apt install cockpit -y
sudo systemctl enable --now cockpit.socket
  • Access: Open a browser to https://your-server-ip:9090. Log in with your system username/password (preferably one with sudo rights).
  • Features: Cockpit provides a dashboard for monitoring CPU/storage, starting/stopping services, managing users, and more. It’s handy if you prefer a GUI for some tasks.
  • Firewall: If you have UFW enabled, allow Cockpit’s port: sudo ufw allow 9090.
  • Security: Cockpit respects system user privileges. After login, click to grant your user “Administrative Access” within Cockpit (it will ask for your password) so you can manage services.

Cockpit isn’t mandatory, but it’s useful to know that Ubuntu can be managed via web dashboard as well as SSH.

8. Quick Troubleshooting

Even with everything set up, you might encounter common SSH errors. Here’s a quick checklist:

  • “Connection refused”: This usually means the SSH service isn’t reachable.
    • Check if SSH is running: sudo systemctl status ssh If it says “inactive” or “disabled”, start it (sudo systemctl enable --now ssh). A running SSH daemon is required.
    • Check the firewall: If UFW or another firewall is active, ensure SSH port is allowed. For example, sudo ufw allow ssh (or allow 2222 if you changed the port).
    • Verify IP: Make sure you’re connecting to the correct IP (e.g. not accidentally using 127.0.0.1 or the wrong address).
    • If you changed SSH’s port (non-22), specify it with -p, e.g. ssh -p 2222 user@server_ip.
  • “Permission denied” (authentication failure): This means your credentials didn’t work.
    • If using password login: Re-type carefully (passwords are case-sensitive!). Ensure the user exists on the server.
    • If using key-based login: Verify your public key is in ~/.ssh/authorized_keys on the server under the correct user. Check file permissions (it should be readable only by the user).
    • If you get “permission denied (publickey)”, it often means the server expects a key but you provided none or the wrong one. Make sure you are using the correct SSH key file (ssh -i /path/to/key ...) and that the server’s sshd_config allows PubkeyAuthentication.
  • Port forwarding/NAT: If you’re trying to SSH via a router (e.g. home lab), ensure port 22 (or your custom port) is forwarded from the router’s public IP to the server’s LAN IP.
  • “Host key verification failed”: This happens if the server’s host key changed (e.g. reinstall). You may need to remove the old key from ~/.ssh/known_hosts on your client. Only do this if you trust the server is legitimately the same.
  • Using verbose mode: For detailed debugging, add -v (or -vvv for max verbosity) to the ssh command. This will show step-by-step connection details, which can help pinpoint issues.

These checks resolve the most common SSH problems. For example, PhoenixNAP notes that a down SSH service or a blocked firewall often causes “Connection refused”.

9. Final Tips (Security Best Practices)

  • Local vs. Remote: If you’re on the same LAN, you can simply use the server’s private IP (e.g. ssh user@192.168.1.x). For remote (Internet) access, always assume attackers could target your server. Use strong, unique passwords or better yet SSH key pairs.
  • SSH Keys: Use public/private key authentication instead of passwords for global access. Protect your private key with a passphrase.
  • Disable Root Login: Ensure PermitRootLogin no in /etc/ssh/sshd_config to block root from logging in directly. Use sudo with a normal user instead.
  • Change Default Port (Optional): Moving SSH from port 22 to another port (e.g. 2222) can reduce automated scanning noise (though it’s security by obscurity, it helps somewhat).
  • Firewall: Only open the SSH port(s) you actually use. On Ubuntu, ufw is easy: e.g. sudo ufw allow 2222/tcp then sudo ufw enable.
  • Regular Updates: Keep your system and openssh-server up to date: sudo apt update && sudo apt upgrade -y
  • Monitor Logs: Check /var/log/auth.log for SSH login attempts. Tools like fail2ban can automatically ban IPs after repeated failures.
  • User Limits: Only give sudo to users who truly need it. Keep normal users in a non-privileged role for daily use.

By following these guidelines, you can SSH into your Ubuntu 22.04 server securely and manage it effectively. 🚀 Happy SSHing!

Sources: Official Ubuntu documentation and expert guides were used to compile this cheat shee