How to Configure SSH on Linux

Edited 3 weeks ago by ExtremeHow Editorial Team

Remote AccessSecuritySSHServer AdministrationCommand LineConfigurationEncryptionClientsNetwork AccessAuthentication

Configuring SSH (Secure Shell) on a Linux system is a basic task for anyone who wants to manage and communicate with remote systems in a secure manner. SSH provides a secure channel over an unsecured network by encrypting data, thus ensuring that communication between devices remains confidential and secure. In this guide, we will explore how you can set up and configure SSH on a Linux machine. We will break it down into manageable sections so that it can be easily understood by anyone.

Understanding SSH and its Benefits

SSH stands for Secure Shell and it is basically a network protocol that allows users to securely access and manage devices on a network. One of its primary purposes is to provide a secure channel by encrypting the data transmitted between the client and the server. It also supports other functions like secure file transfer and port forwarding.

Here are some of the major advantages of using SSH:

• Security: SSH encrypts your communications, making it difficult for hackers to intercept and read the data.
• Data integrity: This ensures that data sent over the network remains unchanged.
• Authentication: SSH allows you to use passwords or public and private keys for authentication.

Prerequisites for configuring SSH

Before you can configure SSH, you need to meet a few pre-requisites. Ensuring these pre-requisites are met will make the configuration process easier.

• Linux system: You need access to a Linux server or desktop. This guide will work for most Linux distributions, such as Ubuntu, CentOS, and Fedora.
• Access to the terminal: You need to have basic knowledge of using the terminal or command line.
• Root privileges: You must have root or sudo access to install packages and make configuration changes.
• Understanding of network settings: Basic knowledge of network settings can be helpful in configuring SSH.

Step 1: Installing SSH

Many Linux distributions come with SSH by default. However, in some cases, you may have to install it manually. The package you need is usually called openssh-server.

Installing on Ubuntu/Debian

Open the terminal and run the following command:

sudo apt update 
sudo apt install openssh-server

Installing on CentOS/RHEL

Run the command:

sudo yum install openssh-server

Starting and enabling the SSH service

After installation, start the SSH service using the following:

sudo systemctl start ssh

To ensure that the SSH service starts at boot, enable it with the command:

sudo systemctl enable ssh

For CentOS or systems using the sshd name, replace ssh with sshd in the commands above.

Step 2: Configuring SSH

Once SSH is installed and running, the next step is to configure it to suit your needs. The main configuration file for SSH is located at /etc/ssh/sshd_config.

Editing the SSH Configuration File

Open the configuration file using the text editor of your choice. For example, using nano, you would use the following:

sudo nano /etc/ssh/sshd_config

Required configuration settings

Here are some key settings you'll want to configure:

• Port: By default, SSH uses port 22. For better security, you may consider changing it to a non-standard port. For example:

  # Port 22
  Port 2222

• PermitRootLogin: For security reasons, it is advisable to disable root login via SSH:

  PermitRootLogin no

• Password authentication: If you prefer to use key-based authentication, disable password authentication:

  PasswordAuthentication no

• MaxAuthTries: Limit the number of authentication attempts before the server disconnects:

  MaxAuthTries 3

• AllowUsers: Restrict SSH to specific users:

  AllowUsers user1 user2

Step 3: Using SSH key-based authentication

SSH keys are a more secure and convenient way to log in to a server. They eliminate the need to remember and enter passwords.

Generating SSH keys

You can generate a key pair on your client machine using the following command:

ssh-keygen -t rsa -b 4096

Follow the prompts to save your key and enter a passphrase for added security if you wish. Your keys will typically be stored in ~/.ssh/id_rsa (private key) and ~/.ssh/id_rsa.pub (public key).

Copying the public key to the server

Use ssh-copy-id to copy your public key to the server. This command will add your public key to the ~/.ssh/authorized_keys file on the server:

ssh-copy-id user@hostname_or_ip

Testing key-based authentication

Once the key is copied, test the SSH connection to make sure it uses key-based authentication:

ssh user@hostname_or_ip

If everything is set up correctly, you will not be asked for a password.

Step 4: Enhancing SSH Security

Security enhancements not only protect your data but also protect your network and systems from unauthorized access. Here are some ways to strengthen SSH security:

Using strong passphrases for SSH keys

Passphrases provide a layer of security to your SSH keys. Choose a strong, unique passphrase to ensure that even if someone gains access to your private key, they won't be able to use it without the passphrase.

Disabling SSH for the root user

As mentioned earlier, disable the ability to log in directly as the root user by setting PermitRootLogin no. Use sudo for administrative tasks instead.

Using a non-standard port

Changing the default SSH port (22) to a less common port can reduce the risk of automated attacks. Just make sure the new port is open in any firewalls protecting the server.

Implementing SSH key authentication only

Disabling password-based login and exclusively using SSH keys significantly reduces the risk of brute-force attacks. After setting up key-based authentication, update sshd_config with PasswordAuthentication no.

Step 5: Testing and Troubleshooting

After configuring SSH, it's important to test your configuration to make sure everything works as expected.

Testing the SSH connection

Test your SSH setup in different scenarios, such as logging in with different user accounts, using key-based logins, and ensuring that restricted users cannot gain access.

Troubleshooting Common Problems

If you encounter any problems, the first thing to do is check the SSH server logs, which are usually located at /var/log/auth.log or /var/log/secure. These logs will provide clues about any authentication or configuration problems.

Conclusion

In conclusion, configuring SSH on your Linux system provides a secure way to remotely access and manage your device. By following the steps outlined in this guide, you can install, configure, and enhance the security of SSH on your server. Remember, security is an ongoing process, so review and update your SSH settings regularly to protect your system.

  Share This Article

If you find anything wrong with the article content, you can request an update