If I do not install openssh when creating an ubuntu server, can someone still SSH into the server?

Solution 1:

Background:

  1. OpenSSH is the premier connectivity tool for remote login with the SSH protocol, It encrypts all traffic to eliminate eavesdropping.

  2. The OpenSSH server component, sshd (ssh deamon), listens continuously for client connections from any of the client tools.

To your specific question:

  1. As far as i know and read on official ubuntu site https://ubuntu.com/server/docs/service-openssh sshd does not comes by default on ubuntu server.

  2. To be sure that you do not have sshd installed, you can run this command which sshd.

  3. Furthemore you can check the default file of the sshd configuration /etc/ssh/sshd_config which should not be found.

  4. You can also make sure that your server is not listening to ssh port by run the command netstat -tulpn4.

    • note that the default port for sshd service is 22.
    • to be able to execute netstat command you have to install net-tools which can be installed by sudo apt install net-tools
    • the output of executing netstat -tulpn4 will be by this format:

(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -                  
tcp        0      0 0.0.0.0:1122            0.0.0.0:*               LISTEN      -                   
tcp        0      0 0.0.0.0:3333            0.0.0.0:*               LISTEN      -                   
udp        0      0 127.0.0.53:53           0.0.0.0:*                           -                   

  1. To avoid ssh access to your server you can:

    • not install sshd in the first place.

    • install and disable the sshd service by this command systemctl disable sshd.service

In Addition:

  1. There are few more services that`s enabling shell connection to a server:

    • dropbear - lightweight SSH server.
    • telnet - user interface to the TELNET protocol, The telnet command is used for interactive communication with another host using the TELNET protocol.
    • if you wanna make sure that your server is safe from any type of connection it is recommended to check that those services are disabled or uninstalled.
    • Note that a configuration solution can also be found to secure the server.
    • Finally, it is recommended to use the netstat tool and examine all the open ports on the server in order to detect security gaps and understand the server services.