SSH and ZeroTier on Ubuntu
Source: Notion | Last edited: 2025-04-25 | ID: 10c2d2dc-3ef...
This guide provides a step-by-step process to install and configure SSH and ZeroTier on an Ubuntu system. Whether you’re setting up a new server or enhancing an existing one, this tutorial ensures secure remote access and seamless network integration.
Prerequisites
Before you begin, ensure you have the following:
- Ubuntu Operating System: This guide is tailored for Ubuntu 20.04 LTS and later versions.
- Sudo Privileges: Administrative access to install and configure services.
- Terminal Access: Local or remote access via console or existing SSH session.
Installing and Securing SSH
Secure Shell (SSH) allows you to remotely access and manage your Ubuntu system securely. This section covers installation, configuration for enhanced security, and setting up SSH key-based authentication.
1. Install OpenSSH Server
First, install the OpenSSH server package.
    sudo apt update
    sudo apt install -y openssh-server
Verify SSH Service Status:
    sudo systemctl status ssh
You should see output indicating that the SSH service is active and running.
2. Configure SSH for Enhanced Security
Enhancing SSH security reduces the risk of unauthorized access.
Backup Original Configuration:
    sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
Edit SSH Configuration:
    sudo nano /etc/ssh/sshd_config
Recommended Changes:
- Disable Root Login: Find the line:
    #PermitRootLogin prohibit-password
  Change to:
    PermitRootLogin no
- Change Default SSH Port (Optional): For added security through obscurity, you can change the default SSH port from 22 to another port (e.g., 2222). Find the line:
    #Port 22
  Change to:
    Port 2222
- Disable Password Authentication (After Setting Up SSH Keys): Find the line:
    #PasswordAuthentication yes
  Change to:
    PasswordAuthentication no
Save and Exit:
Press CTRL + O to save and CTRL + X to exit.
Restart SSH Service to Apply Changes:
    sudo systemctl restart ssh
3. Set Up SSH Key-Based Authentication
SSH keys provide a more secure method of authentication compared to passwords.
Generate SSH Key Pair on Your Local Machine:
If you haven’t already generated an SSH key pair, do so on your local machine:
    ssh-keygen -t ed25519 -C "your_email@example.com"
If you prefer RSA:
    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"
Copy Public Key to Ubuntu Server:
Replace username and server_ip with your actual username and server IP address.
    ssh-copy-id -p 2222 username@server_ip
If you changed the SSH port, include the -p flag with the new port.
Test SSH Login:
    ssh -p 2222 username@server_ip
You should now be able to log in without a password.
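Once key login works and PasswordAuthentication is set to no, confirm the setting is actually in effect. sshd keeps the first value it reads for each keyword, and on Ubuntu releases whose sshd_config begins with an Include of /etc/ssh/sshd_config.d/*.conf, a drop-in file is read before your edit. The script below is an added example, not part of the original guide; the sample files and the 50-sample.conf name are constructed, and it assumes plain "Keyword value" lines.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide). sshd keeps the FIRST value it
# reads for a keyword, so pass the files in the order sshd reads them.

# effective_value KEYWORD FILE...  ->  prints "<value> <file>" or "unset -"
effective_value() {
    local keyword f v
    keyword="$1"
    shift
    for f in "$@"; do
        [ -r "$f" ] || continue
        v=$(awk -v k="$keyword" '
            /^[ \t]*(#|$)/            { next }   # comments and blank lines
            tolower($1) == "match"    { exit }   # conditional block: stop here
            tolower($1) == tolower(k) { print $2; exit }
        ' "$f")
        if [ -n "$v" ]; then
            printf '%s %s\n' "$v" "$f"
            return 0
        fi
    done
    printf 'unset -\n'
}

# Constructed sample: a drop-in that re-enables passwords is read ahead of
# the edited main file, as with an Include line at the top of sshd_config.
demo() {
    local dir k
    dir=$(mktemp -d)
    mkdir "$dir/sshd_config.d"
    printf 'PasswordAuthentication yes\n' > "$dir/sshd_config.d/50-sample.conf"
    printf '%s\n' '#Port 22' 'Port 2222' 'PermitRootLogin no' \
        'passwordauthentication no' > "$dir/sshd_config"
    for k in PasswordAuthentication PermitRootLogin Port; do
        set -- $(effective_value "$k" "$dir"/sshd_config.d/*.conf "$dir/sshd_config")
        printf '%s=%s (%s)\n' "$k" "$1" "${2#"$dir"/}"
    done
    rm -rf "$dir"
}

demo
```

On a live server, `sudo sshd -t` checks the configuration for errors before you restart the service, and `sudo sshd -T` prints the settings sshd will actually apply.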
4. Configure UFW Firewall for SSH
Ensure that the firewall allows SSH connections.
Enable UFW:
    sudo ufw enable
If you are connected over SSH, add the allow rule for your SSH port before enabling UFW so that new SSH connections are not blocked.
Allow SSH (Default Port 22):
    sudo ufw allow ssh
If you changed the SSH port (e.g., 2222), allow the new port:
    sudo ufw allow 2222/tcp
Allow ZeroTier (Handled Later):
We’ll configure ZeroTier access after installing it.
Check UFW Status:
    sudo ufw status
Installing ZeroTier
ZeroTier provides a virtual network that can simplify network configurations and improve security. Follow these steps to install ZeroTier on your Ubuntu system.
1. Update Package List
Ensure your package list is up to date.
    sudo apt update
2. Install Required Dependencies
Install curl and gnupg if they are not already installed.
    sudo apt install -y curl gnupg
3. Add the ZeroTier GPG Key
Import ZeroTier’s GPG key to verify the authenticity of the packages.
    curl -s https://pgp.zerotier.com/contact%40zerotier.com.gpg | gpg --dearmor | sudo tee /usr/share/keyrings/zerotier-archive-keyring.gpg > /dev/null
4. Add the ZeroTier Repository
Add ZeroTier’s repository to your system’s package sources.
    echo "deb [signed-by=/usr/share/keyrings/zerotier-archive-keyring.gpg] https://download.zerotier.com/debian/$(lsb_release -cs) $(lsb_release -cs) main" | sudo tee /etc/apt/sources.list.d/zerotier.list
5. Update Package List Again
Refresh the package list to include ZeroTier’s repository.
    sudo apt update
6. Install ZeroTier
Install the ZeroTier One package.
    sudo apt install -y zerotier-one
Configuring ZeroTier
After installation, configure ZeroTier to join your desired network.
1. Start and Enable ZeroTier Service
Start the ZeroTier service and enable it to start on boot.
    sudo systemctl start zerotier-one
    sudo systemctl enable zerotier-one
Verify Service Status:
    sudo systemctl status zerotier-one
You should see that the service is active and running.
2. Join a ZeroTier Network
Join your specific ZeroTier network using the network ID.
Replace <network_id> with Your Actual Network ID:
    sudo zerotier-cli join <network_id>
Verify Network Membership:
    sudo zerotier-cli listnetworks
You should see your network listed with a status indicating whether it’s authorized.
Troubleshooting
Encountering issues during installation or configuration? Here are common problems and their solutions.
Issue 1: SSH Connection Problems
Symptoms:
- Unable to connect via SSH.
- Connection times out or is refused.
Solutions:
- Check SSH Service Status:
    sudo systemctl status ssh
  Ensure the service is active.
- Verify Firewall Settings:
    sudo ufw status
  Ensure the SSH port is allowed.
- Confirm SSH Configuration: Revisit /etc/ssh/sshd_config to ensure settings are correct, especially if you changed the SSH port.
- Restart SSH Service:
    sudo systemctl restart ssh
- Check Network Connectivity: Ensure your server is reachable from your local machine.
Issue 2: ZeroTier Device Not Authorized
Symptoms:
After joining a network, the status shows ACCESS_DENIED or similar.
Solutions:
- Authorize the Device:
  - Log in to ZeroTier Central.
  - Navigate to your network.
  - Find the unauthorized device and authorize it.
- Wait for Propagation: Authorization might take a few minutes. Retry listing networks:
    sudo zerotier-cli listnetworks
Issue 3: ZeroTier Interface Not Found
Symptoms:
Cannot find the ZeroTier network interface (e.g., zt0).
Solutions:
- List All Network Interfaces:
    ip addr
  Look for interfaces starting with zt followed by random characters (e.g., ztksetviym).
- Use Correct Interface Name: Reference the actual interface name when configuring network settings or scripts.
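Issues 2 and 3 can both be checked from the same listnetworks output, which carries the authorization status and the interface name for each joined network. The function below is an added example, not part of the original guide; the column layout in the comment is assumed, and the network IDs, MAC addresses and second interface name in the sample are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide). Assumed column layout:
#   200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ips>

# zt_network_state NWID   (reads `zerotier-cli listnetworks` output on stdin)
# Prints "<status> <dev>". Returns 0 when status is OK, 1 for any other
# status (e.g. ACCESS_DENIED), 2 when the network is not listed at all.
zt_network_state() {
    awk -v id="$1" '
        BEGIN { rc = 2 }
        $1 == "200" && $2 == "listnetworks" && $3 == id {
            # The name can be empty or contain spaces, so find the MAC
            # column by its shape and read status and dev relative to it.
            for (i = 4; i <= NF; i++)
                if ($i ~ /^([0-9a-f][0-9a-f]:)+[0-9a-f][0-9a-f]$/) {
                    print $(i + 1), $(i + 3)
                    rc = ($(i + 1) == "OK") ? 0 : 1
                    exit
                }
        }
        END { exit rc }
    '
}

# Constructed sample output: one authorized network whose name contains a
# space, and one unauthorized network whose name is empty.
SAMPLE='200 listnetworks <nwid> <name> <mac> <status> <type> <dev> <ZT assigned ips>
200 listnetworks 0123456789abcdef lab net 02:11:22:33:44:55 OK PRIVATE ztksetviym 10.147.17.20/24
200 listnetworks fedcba9876543210  02:aa:bb:cc:dd:ee ACCESS_DENIED PRIVATE ztabcdefgh -'

printf '%s\n' "$SAMPLE" | zt_network_state 0123456789abcdef
printf '%s\n' "$SAMPLE" | zt_network_state fedcba9876543210 \
    || echo "not authorized or not joined (exit status $?)"
```

On the server, pipe the real output into it: `sudo zerotier-cli listnetworks | zt_network_state <network_id>`.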
Issue 4: ZeroTier Service Issues
Symptoms:
ZeroTier service fails to start or behaves unexpectedly.
Solutions:
- Check Service Status:
    sudo systemctl status zerotier-one
- View Service Logs:
    sudo journalctl -u zerotier-one -e
- Restart the Service:
    sudo systemctl restart zerotier-one
- Reinstall ZeroTier (if necessary):
    sudo apt remove --purge zerotier-one
    sudo apt install zerotier-one
Final Steps
Once SSH and ZeroTier are installed and configured:
- Verify SSH Access: Ensure you can connect to your server via SSH using your key-based authentication.
    ssh -p 2222 username@server_ip
- Verify ZeroTier Network Membership:
    sudo zerotier-cli listnetworks
  Confirm that your device is listed and authorized.
- Check ZeroTier Interface: Identify your ZeroTier network interface and verify its IP address. The ip command does not expand wildcards in interface names, so filter the brief listing instead:
    ip -brief addr show | grep '^zt'
- Configure Additional Services (Optional): If you’re setting up services that rely on ZeroTier for networking, configure them to use the ZeroTier interface.
Conclusion
By following this comprehensive guide, you’ve successfully installed and secured SSH on your Ubuntu system and integrated it into a ZeroTier network. This setup ensures secure remote access and flexible networking capabilities, enhancing both the security and functionality of your server environment.
Remember:
- Regularly Update Your System: Keep your system and installed packages up to date to benefit from the latest security patches.
    sudo apt update && sudo apt upgrade -y
- Monitor Access Logs: Periodically review SSH and ZeroTier logs to monitor for any unauthorized access attempts.
    sudo journalctl -u ssh
    sudo journalctl -u zerotier-one
- Backup Configuration Files: Maintain backups of your SSH and ZeroTier configurations to facilitate quick recovery in case of issues. ZeroTier keeps its node identity under /var/lib/zerotier-one; identity.secret is the node's private key, so store the copy with the same care as the original.
    sudo cp /etc/ssh/sshd_config ~/sshd_config.backup
    sudo cp /var/lib/zerotier-one/identity.secret ~/zerotier-identity.secret.backup
With these practices, your Ubuntu server will remain secure, accessible, and well-integrated into your desired networks.