Setup OpenSSH Password Authentication on Ubuntu 17.04 | 17.10

SSH password authentication is the default settings that get installed after installing SSH server on Linux systems, including Ubuntu 17.04 | 17.10. When you install SSH server and make no additional changes, all account holders on the system will be able to logon to the SSH server except the root user.

This brief tutorial shows students and new users how to install OpenSSH Server for users to logon to the system. If you need to allow the root user to logon, the steps below will show you, too. The default settings for OpenSSH configuration is password authentication.

To get started with installing OpenSSH server on Ubuntu, follow the steps below:

Step 1: Installing OpenSSH Server

OpenSSH server can be installed on Ubuntu by running the commands below.

sudo apt-get update
sudo apt-get install openssh-server openssh-client

The commands above will install the server and configure its default settings where anyone with account access can logon to the system with a valid password. This is know as password authentication.

Anyone can sign on with a valid account name and password except the root user. It is setup this way for security reasons.

Step 2: Configuring OpenSSH Server

Now that the server is installed, its default configuration file can be found at the location below.

/etc/ssh/sshd_config

To open the configuration file to make changes, you run the commands below.

sudo nano /etc/ssh/sshd_config

Then begin making your changes… To enable a particular setting remove or un-comment the ( # ) before the line. Doing this enable the feature. You can choose Yes to enable or No to disable.

#       $OpenBSD: sshd_config,v 1.100 2016/08/15 12:32:04 naddy Exp $

# This is the sshd server system-wide configuration file.  See
# default value.

Port 22
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::

# Authentication:

#LoginGraceTime 2m
#PermitRootLogin prohibit-password
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10

#PubkeyAuthentication yes

# Expect .ssh/authorized_keys2 to be disregarded by default in future.
#AuthorizedKeysFile     .ssh/authorized_keys .ssh/authorized_keys2

#AuthorizedPrincipalsFile none

#AuthorizedKeysCommand none
#AuthorizedKeysCommandUser nobody

# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes

# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
ChallengeResponseAuthentication no

# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no

# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
#GSSAPIStrictAcceptorCheck yes
#GSSAPIKeyExchange no

# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
UsePAM yes

#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PermitTTY yes
PrintMotd no
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#UseDNS no
#PidFile /var/run/sshd.pid
#MaxStartups 10:30:100
#PermitTunnel no
#ChrootDirectory none
#VersionAddendum none

# no default banner path
#Banner none

# Allow client to pass locale environment variables
AcceptEnv LANG LC_*

# override default of no subsystems
Subsystem       sftp    /usr/lib/openssh/sftp-server

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server

Step 3: Making Basic Changes

OpenSSH default settings allow password authentication. To disable, change the line to:

PasswordAuthentication  no

To fully disable the root user, change the line to:

PermitRootLogin  no

By default the root user has no password setup which automatically disables the account, but when password is setup on the root account, SSH is granted unless you use the line above to disable. It’s set to PermitRootLogin prohibit-password by default.

Save the file.

To apply the changes you made, run the commands below to restart the OpenSSH server.

sudo systemctl restart ssh

After that open you favorite SSH client and connect to the server using the hostname or IP address.

openssh server install on ubuntu

Enjoy!

You may also like the post below:

Install Moodle 3.3.2 on Ubuntu 17.04 / 17.10 with Nginx, MariaDB and PHP Support

One Reply to “Setup OpenSSH Password Authentication on Ubuntu 17.04 | 17.10”

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.