Secure shell (SSH) is a network protocol providing shell services on a remote machine via a secure channel. SSH provides various security benefits such as user/host authentication, data encryption, and data integrity, thereby preventing common attacks such as eavesdropping, DNS/IP spoofing, data forgery, connection hijacking, etc. Users of ftp, telnet or rlogin, which are plain-text protocols, are strongly recommended to switch to SSH.
OpenSSH is an open-source implementation of the SSH protocol, allowing encrypted communication over a network via a suite of software. If you would like to set up SSH on Linux, you can install OpenSSH, which consists of OpenSSH server and client packages.
OpenSSH server/client packages come with the following utilities:
- OpenSSH server: sshd (SSH daemon)
- OpenSSH client: scp (secure remote copy), sftp (secure file transfer), slogin/ssh (secure remote login), ssh-add (private key addition), ssh-agent (authentication agent), ssh-keygen (authentication key management).
Install OpenSSH Server and Client on Linux
To install OpenSSH server/client, and auto-start OpenSSH server on CentOS or RHEL:
$ sudo service sshd start
$ sudo chkconfig sshd on
To install OpenSSH server/client, and auto-start OpenSSH server on Fedora:
$ sudo systemctl start sshd.service
$ sudo systemctl enable sshd.service
To install OpenSSH server/client, and auto-start OpenSSH server on Ubuntu or Debian:
On Debian-based systems, once OpenSSH server is installed, OpenSSH server will start automatically upon boot.
On Debian/Ubuntu, if for any reason OpenSSH server does not get started automatically upon boot, you can run the following command to explicitly add ssh to the boot-time services.
Configure OpenSSH Server
If you would like to configure OpenSSH server, you can edit the system-wide OpenSSH configuration file located at /etc/ssh/sshd_config.
There are a couple of OpenSSH options you may be interested in:
By default, sshd listens on port 22 for incoming ssh connections. By changing the default ssh port, you may be able to avert various automated attacks that only probe port 22.
If your machine has more than one physical network interface, and you would like to specify the interface on which sshd binds, you can use the ListenAddress option. This option helps improve security by limiting incoming SSH connections to a specific interface only.
The HostKey option specifies where the private host key is located.
The PermitRootLogin option controls whether root can log in to the system via ssh.
AllowUsers alice bob
Using the AllowUsers option, you can limit ssh logins to particular Linux users; users who are not listed are denied. You can specify multiple users separated by spaces.
Once you have modified /etc/ssh/sshd_config, make sure to restart the ssh service.
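As an added example (not part of the original article), the following POSIX shell script reads a sshd_config file and reports how it sets Port, ListenAddress, PermitRootLogin and AllowUsers. The function names, the sample file and the wording of the findings are assumptions made here; Match blocks and Include directives are not handled.

```shell
#!/bin/sh
# Added example (not from the original article). Assumes a sshd_config with
# whitespace-separated "Keyword value" lines and no Match/Include directives.

# Print every value set for keyword $2 in file $1, one per line.
sshd_opt() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }       # skip comments and blank lines
        tolower($1) == tolower(key) {        # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print
        }' "$1"
}

# Print one finding per line for the options discussed in the article.
audit_sshd_config() {
    f=$1
    ports=$(sshd_opt "$f" Port)
    if [ -z "$ports" ]; then ports=22; fi    # sshd defaults to port 22
    for p in $ports; do
        if [ "$p" = 22 ]; then echo "Port: listening on default port 22"; fi
    done
    if [ -z "$(sshd_opt "$f" ListenAddress)" ]; then
        echo "ListenAddress: not set, sshd binds to all local addresses"
    fi
    # For PermitRootLogin the first value sshd reads wins; later ones are ignored.
    root=$(sshd_opt "$f" PermitRootLogin | head -n 1 | tr 'A-Z' 'a-z')
    case $root in
        no) ;;
        '') echo "PermitRootLogin: not set, built-in default applies" ;;
        *)  echo "PermitRootLogin: '$root' still permits root login" ;;
    esac
    if [ -z "$(sshd_opt "$f" AllowUsers)" ]; then
        echo "AllowUsers: not set, logins are not limited to named users"
    fi
    return 0
}

# Constructed sample configuration (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Port 22
ListenAddress 192.168.1.10
permitrootlogin yes
PermitRootLogin no
AllowUsers alice bob
EOF
audit_sshd_config "$sample"
```

In the sample, the commented-out Port line leaves sshd on port 22, and the earlier lower-case permitrootlogin line takes precedence over the later "PermitRootLogin no".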
To restart OpenSSH on Ubuntu or Debian:
To restart OpenSSH on CentOS, Fedora or RHEL: