OpenSSH 8.2 on Ubuntu 20.04


Ubuntu 20.04, released in April 2020, includes OpenSSH version 8.2. Ubuntu 20.04 is the latest LTS version as of this writing. The previous LTS release (Ubuntu 18.04) included OpenSSH version 7.6. Lately, I’ve been migrating lots of servers running Ubuntu 16.04 (which reached its EOL in April 2021) to Ubuntu 20.04 (which will reach its EOL in April 2025). Those servers (running Ubuntu 16.04) were using OpenSSH 7.2. There have been a lot of changes since OpenSSH version 7.2 and since version 7.6. Let me go through each and find out how easy things are now with the latest features.

OpenSSH 7.3

OpenSSH 7.3 added support for the Include keyword in ssh_config files, that is, in /etc/ssh/ssh_config and in ~/.ssh/config. It means that if I have hundreds of servers to manage, I can split the ssh_config file into multiple files. For example, previously, my ~/.ssh/config looked like this…

Host home_pi_3_server
    Hostname    192.168.91.3
    User        ubuntu

Host home_pi_4_desktop
    Hostname    192.168.91.4
    User        pi

Host client_name_1
    Hostname    example.com
    User        actual_user

Host client_name_2
    Hostname    example.tld
    User        actual_user

Now, the same file looks like this…

Include config.d/*

Yes. Just a single line. The home and client data are split into multiple files in the ~/.ssh/config.d/ directory. Here are the contents of ~/.ssh/config.d/home

Host home_pi_3_server
    Hostname    192.168.91.3
    User        ubuntu

Host home_pi_4_desktop
    Hostname    192.168.91.4
    User        pi

Contents of ~/.ssh/config.d/work

Host client_name_1
    Hostname    example.com
    User        actual_user

Host client_name_2
    Hostname    example.tld
    User        actual_user

There is another advantage of having the ssh_config file split into multiple files. I have plenty of test servers running as LXD containers and virtual machines. I can keep those servers in a separate config file and then let a gitignore file ignore only that config file. Yes, I keep my ssh_config file in version control.

OpenSSH 7.6

RemoteCommand was introduced in this release as an ssh_config option to execute a command on the remote machine upon successful login. This is another handy feature that saves time.

OpenSSH 8.0

Earlier, when we generated SSH keys using the ssh-keygen command, RSA keys were generated with 2048 bits by default. Since OpenSSH 8.0, the default has been increased to 3072 bits.

OpenSSH 8.2

OpenSSH 8.2 added support for the Include keyword in the sshd_config file at /etc/ssh/sshd_config, the config file for the SSH server. While the Include directive works the same way as above, the use case here is a completely different one. With Include in the sshd_config file, we no longer have to update the primary configuration file by hand. Whenever we wish to modify the default behaviour of the SSH server, we can add the change as a separate file. Ubuntu 20.04 has already configured this and has the following line at the top of /etc/ssh/sshd_config

Include /etc/ssh/sshd_config.d/*.conf

So, if we need to disable root login completely, we can include a file named deny-root-login.conf with the text PermitRootLogin no. If we need to allow password login for users, we can include a file named allow-passwd-auth.conf with the text PasswordAuthentication yes. This is much handier than overwriting the original file. We also know what tweaks we have made to the SSH server.
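sshd uses the first value it obtains for each keyword and processes Include globs in lexical order, so which drop-in wins depends on file names. The following added example (not from the original post and not sshd's own parser) resolves the effective global settings for a constructed config tree. It assumes a relative Include path so it can run in a temporary directory, stops reading a file at its first Match line, and uses a hypothetical zz-harden.conf to show a later file losing.

```python
import glob
import os
import re
import tempfile

# keyword, then whitespace or a single '=', then the value
LINE = re.compile(r"^\s*([A-Za-z0-9]+)(?:\s*=\s*|\s+)(.*?)\s*$")

def effective_settings(path, base_dir, found=None):
    """Return {keyword: (value, source_file)}; the first obtained value wins."""
    found = {} if found is None else found
    with open(path, encoding="utf-8") as fh:
        for raw in fh:
            m = LINE.match(raw)
            if raw.lstrip().startswith("#") or not m or not m.group(2):
                continue
            keyword, value = m.group(1).lower(), m.group(2)
            if keyword == "match":        # simplification: global section only
                break
            if keyword == "include":
                for pattern in value.split():
                    if not os.path.isabs(pattern):   # relative to /etc/ssh on a real host
                        pattern = os.path.join(base_dir, pattern)
                    for inc in sorted(glob.glob(pattern)):   # lexical order
                        effective_settings(inc, base_dir, found)
                continue
            found.setdefault(keyword, (value, path))  # later values are ignored
    return found

def demo():
    # Constructed sample tree standing in for /etc/ssh
    files = {
        "sshd_config": "Include sshd_config.d/*.conf\n"
                       "PermitRootLogin prohibit-password\n"
                       "PasswordAuthentication no\n"
                       "X11Forwarding yes\n",
        "sshd_config.d/deny-root-login.conf": "PermitRootLogin no\n",
        "sshd_config.d/allow-passwd-auth.conf": "PasswordAuthentication yes\n",
        "sshd_config.d/zz-harden.conf": "PasswordAuthentication no\n",
    }
    with tempfile.TemporaryDirectory() as etc_ssh:
        os.mkdir(os.path.join(etc_ssh, "sshd_config.d"))
        for name, text in files.items():
            with open(os.path.join(etc_ssh, name), "w", encoding="utf-8") as fh:
                fh.write(text)
        result = effective_settings(os.path.join(etc_ssh, "sshd_config"), etc_ssh)
        return {k: (v, os.path.basename(src)) for k, (v, src) in result.items()}

if __name__ == "__main__":
    for keyword, (value, source) in sorted(demo().items()):
        print(f"{keyword:24} {value:20} <- {source}")
```

On a real server, running sshd -T as root prints the configuration sshd actually resolves, which is the authoritative check after adding or renaming a drop-in.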

Summary

There are a lot more tiny features introduced in each release. The above are my favorites that helped me to save tons of time and organize my workflow in a better way. Do you have any favorite feature not listed above?