How to install and configure OpenSSH in Linux?

In this article, you will learn what SSH is and how to install and configure OpenSSH in Linux.

SSH stands for Secure Shell. It is a protocol for connecting from one computer to another securely. SSH uses strong encryption to protect the information in transit and also ensures its integrity. Earlier, people used telnet and rlogin to connect computers, but the connection between the computers was not reliable. SSH is the best alternative and a secure way to communicate. It is also useful for the secure transfer of files over SFTP.

Features of SSH

  • Secure Communication
  • Strong Encryption (3DES, Blowfish, AES, Arcfour)
  • Port Forwarding (encrypted channels for legacy protocols)
  • Strong Authentication (Public Key, One-Time Password and Kerberos Authentication)
  • Agent Forwarding (Single-Sign-On)
  • Interoperability (Compliance with SSH 1.3, 1.5, and 2.0 protocol Standards)
  • SFTP client and server support in both SSH1 and SSH2 protocols.
  • Kerberos and AFS Ticket Passing
  • Data Compression

Preconditions

  • You have a CentOS/RHEL 7/8 system.
  • You must log in as the root user or as a user with sudo privileges to make the changes.
  • Access to the command-line.
  • Internet connection.

Details about SSH server

The details below are useful when working with the OpenSSH server.

Package names: openssh-clients openssh-server
Service Name: sshd
Configuration file location: /etc/ssh/sshd_config (this is the sshd server system-wide configuration file)
Logfile location: /var/log/secure (the log file name is secure, and if you want to watch the log file you can use the tail -f command)
Port: The standard TCP port for SSH is 22

So, let’s install and configure the openssh server.

Step 1: Installing OpenSSH server software package

Type the below command in the terminal to begin the installation process. It will install without asking for any confirmation.

yum -y install openssh-clients openssh-server

Note: If you are not the root user then put sudo before every command.

Step 2: Starting the ssh service

In this step, we’ll start the SSH server service. The service name is sshd.

systemctl start sshd

Step 3: Checking the sshd service status

It is good practice to check the status of the sshd service. To check it, type the below command:

systemctl status sshd

If you want to stop the service, type the below command:

systemctl stop sshd

Step 4: Enabling the SSH service

To make SSH start automatically whenever you reboot the computer, type the below command:

systemctl enable sshd

Note: If you want to stop the automatic start after every reboot, type the below command:

systemctl disable sshd

To check whether sshd is enabled or disabled on startup, type the below command:

systemctl is-enabled sshd

Configuration of the OpenSSH server

It is essential to configure the OpenSSH server; otherwise, there will be security issues. There are a few things you should take care of on the OpenSSH server.

  1. Disabling the ‘root’ user
  2. Changing the ‘port’ number

Now you have to open the OpenSSH configuration file. I’m using the vim editor to open it, but you can use any editor of your choice, such as nano, pico, or vi.

File location: /etc/ssh and file name is sshd_config

vim /etc/ssh/sshd_config

Disabling the root user

Firstly, I’m going to disable the root user. Edit the file, look for PermitRootLogin yes and change yes to no. If the line starts with a hashtag (#), remove it.

So the first step has been completed. Now let’s move on to the second step.

Changing the port number

Secondly, I’m going to change port 22 to port 8012, but you can use any port you want. As we are doing this without disabling SELinux, we have to allow this port in the SELinux policy.

If you want to know how to allow the sshd port in SELinux, you can check the link HOW TO ALLOW NON-STANDARD PORTS IN SELINUX.


Save and close the file, then restart the sshd service with the below command:

systemctl restart sshd
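
Before that restart, the two edits can be checked against the file. The script below is an added example, not part of the original article; the function names are hypothetical, the two sample files are constructed, and 8012 is the port chosen in this tutorial.

```shell
#!/bin/sh
# Added example (not from the original article): audit an sshd_config for the
# two edits made above. The sample files below are constructed.

# Print each active global value of keyword $2 in file $1, one per line.
# sshd ignores lines starting with '#', treats keywords case-insensitively,
# and applies lines after the first "Match" only conditionally (skipped here).
sshd_values() {
    awk -v kw="$2" '
        NF == 0 || $1 ~ /^#/       { next }
        tolower($1) == "match"     { exit }
        tolower($1) == tolower(kw) { print $2 }
    ' "$1"
}

# Check file $1 for "PermitRootLogin no" and for port $2; returns 1 on any finding.
audit_sshd_config() {
    file=$1; want_port=$2; rc=0
    # sshd uses the first value it reads for PermitRootLogin.
    root=$(sshd_values "$file" PermitRootLogin | head -n 1)
    if [ "$root" = "no" ]; then
        echo "OK   PermitRootLogin no"
    else
        echo "FAIL PermitRootLogin is '${root:-not set, line missing or commented out}'"; rc=1
    fi
    # Port may appear several times; sshd listens on every port listed.
    ports=$(sshd_values "$file" Port | tr '\n' ' ')
    case " $ports" in
        *" $want_port "*) echo "OK   Port $want_port is active" ;;
        *) echo "FAIL Port $want_port not active (found: ${ports:-none, so default 22})"; rc=1 ;;
    esac
    case " $ports" in
        *" 22 "*) echo "FAIL Port 22 is still listed"; rc=1 ;;
    esac
    return $rc
}

# Constructed samples: the hashtag was left in place vs. the finished edit.
before=$(mktemp); after=$(mktemp)
printf '%s\n' '#Port 22' '#PermitRootLogin yes' 'Match User backup' \
    '    PermitRootLogin no' > "$before"
printf '%s\n' 'Port 8012' 'permitrootlogin no' '#PermitRootLogin yes' > "$after"

audit_sshd_config "$before" 8012 || echo "=> not ready, fix before restarting sshd"
audit_sshd_config "$after" 8012 && echo "=> edits are in place"
```

On the server itself, point the function at /etc/ssh/sshd_config; sshd -t additionally checks the syntax of the real file.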

Now we also have to change the firewall settings and allow the port.

Changing the firewall settings

To check the status of the firewall, type the below command. firewalld is the service name for the firewall.

systemctl status firewalld

You can also check the state of the firewall with the below command, which reports whether firewalld is running.

firewall-cmd --state

To add the ssh port to the firewall, type the below command. It must be the port that sshd now listens on, which is 8012 in this tutorial.

firewall-cmd --add-port=8012/tcp

If you want to make this entry permanent, type the below command:

firewall-cmd --permanent --add-port=8012/tcp

And now reload the firewall service with the below command,

firewall-cmd --reload

Important:
To watch the log file, you can use the below command

tail -f /var/log/secure

Conclusion

In this tutorial, we learned how to install and configure OpenSSH in Linux. We limited access to the OpenSSH server. We also configured the firewall service. I hope you understood everything, but if you have any questions, you can ask in the comment section.
