Source Digit

Linux, Ubuntu Tutorials & News, Technology, Gadgets & Gizmos

Home / How To / Install OpenSSH 7.2 On Linux Ubuntu Systems

Install OpenSSH 7.2 On Linux Ubuntu Systems

By Sourabh /  Category: How To, Ubuntu

Install OpenSSH on Ubuntu Linux Systems. OpenSSH, also known as OpenBSD Secure Shell, is a suite of security-related network-level utilities based on the SSH protocol.  OpenSSH 7.2 is the latest version of the SSH Shell.

OpenSSH is a freely available version of the Secure Shell (SSH) protocol family of tools for remotely controlling, or transferring files between, computers. Traditional tools used to accomplish these functions, such as telnet or rcp, are insecure and transmit the user’s password in cleartext when used. OpenSSH provides a server daemon and client tools to facilitate secure, encrypted remote control and file transfer operations, effectively replacing the legacy tools.

OpenSSH 72.

OpenSSH 7.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. This release disables a number of legacy cryptographic algorithms by default in ssh:

Security:

* ssh(1), sshd(8): remove unfinished and unused roaming code (was already forcibly disabled in OpenSSH 7.1p2).
* ssh(1): eliminate fallback from untrusted X11 forwarding to trusted forwarding when the X server disables the SECURITY extension.
* ssh(1), sshd(8): increase the minimum modulus size supported for diffie-hellman-group-exchange to 2048 bits.
* sshd(8): pre-auth sandboxing is now enabled by default (previous releases enabled it for new installations via sshd_config).

New Features:

* all: add support for RSA signatures using SHA-256/512 hash algorithms based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt.
* ssh(1): Add an AddKeysToAgent client option which can be set to ‘yes’, ‘no’, ‘ask’, or ‘confirm’, and defaults to ‘no’.  When enabled, a private key that is used during authentication will be added to ssh-agent if it is running (with confirmation enabled if set to ‘confirm’).
* sshd(8): add a new authorized_keys option “restrict” that includes all current and future key restrictions (no-*-forwarding, etc.). Also add permissive versions of the existing restrictions, e.g. “no-pty” -> “pty”. This simplifies the task of setting up restricted keys and ensures they are maximally-restricted, regardless of any permissions we might implement in the future.  * ssh(1): add ssh_config CertificateFile option to explicitly list certificates. bz#2436
* ssh-keygen(1): allow ssh-keygen to change the key comment for all supported formats.
* ssh-keygen(1): allow fingerprinting from standard input, e.g. “ssh-keygen -lf -”
* ssh-keygen(1): allow fingerprinting multiple public keys in a file, e.g. “ssh-keygen -lf ~/.ssh/authorized_keys” bz#1319
* sshd(8): support “none” as an argument for sshd_config Foreground and ChrootDirectory. Useful inside Match blocks to override a global default. bz#2486
* ssh-keygen(1): support multiple certificates (one per line) and reading from standard input (using “-f -“) for “ssh-keygen -L”  * ssh-keyscan(1): add “ssh-keyscan -c …” flag to allow fetching certificates instead of plain keys.
* ssh(1): better handle anchored FQDNs (e.g. ‘cvs.openbsd.org.’) in hostname canonicalisation – treat them as already canonical and remove the trailing ‘.’ before matching ssh_config.

Install OpenSSH on Ubuntu Linux

To install the OpenSSH client applications on your Ubuntu system, use this command at a terminal prompt:

$ sudo apt-get install openssh-client

To install the OpenSSH server application, and related support files, use this command at a terminal prompt:

$ sudo apt-get install openssh-server

Once installed, configure the OpenSSH server application, sshd, by editing the file /etc/ssh/sshd_config.

Before editing the /etc/ssh/sshd_config file backup the original file. Run the following command to make a copy of the original sshd configuration file.

$ sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original_copy

For information view the manual page:

man sshd_config

There are many directives in the sshd configuration file controlling such things as communication settings, and authentication modes.

Follow the link below to configure SSH
https://help.ubuntu.com/lts/serverguide/openssh-server.html

The following are examples of configuration directives you may change:

  • To set your OpenSSH to listen on TCP port 2222 instead of the default TCP port 22, change the Port directive as such: Port 2222

  • To have sshd allow public key-based login credentials, simply add or modify the line: PubkeyAuthentication yes

    If the line is already present, then ensure it is not commented out.

  • To make your OpenSSH server display the contents of the /etc/issue.net file as a pre-login banner, simply add or modify the line: Banner /etc/issue.net

    In the /etc/ssh/sshd_config file.

After making changes to the /etc/ssh/sshd_config file, save the file, and restart the sshd server application to effect the changes using the following command at a terminal prompt:

sudo service ssh restart