How to install SSH on Linux

Last updated on August 18, 2020 by Dan Nanni

Secure shell (SSH) is a network protocol providing shell services on a remote machine via a secure channel. SSH provides various security benefits such as user/host authentication, data encryption, and data integrity, thereby preventing common attacks such as eavesdropping, DNS/IP spoofing, data forgery, connection hijacking, etc. Users of ftp, telnet or rlogin which use plain-text protocols are strongly recommended to switch to SSH.

OpenSSH is an open-source implementation of the SSH protocol, allowing encrypted communication over a network via a suite of software. If you would like to set up SSH on Linux, you can install OpenSSH, which consists of OpenSSH server and client packages.

OpenSSH server/client packages come with the following utilities:

Install OpenSSH Server and Client on Linux

If you want to install OpenSSH server/client, and auto-start OpenSSH server, follow these distro-specfic instructions.

For Debian, Ubuntu or Linux Mint:

$ sudo apt-get install openssh-server openssh-client

On Debian-based systems, once OpenSSH server is installed, OpenSSH server will start automatically upon boot. If for any reason OpenSSH server does not get started automatically upon boot, you can run the following command to explicitly add SSH to boot time service.

To auto-start OpenSSH server on Ubuntu 14.10 and Debian 7.0 or earlier:

$ sudo update-rc.d ssh defaults

To auto-start OpenSSH server on Ubuntu 15.04 and Debian 8.0 or later:

$ sudo systemctl enable ssh

For Fedora and CentOS/RHEL 7 or Later:

$ sudo yum -y install openssh-server openssh-clients
$ sudo systemctl start sshd service
$ sudo systemctl enable sshd.service

For CentOS/RHEL 6 or Earlier:

$ sudo yum -y install openssh-server openssh-clients
$ sudo service sshd start
$ sudo chkconfig sshd on

For Arch Linux:

$ sudo pacman -Sy openssh
$ sudo systemctl start sshd service
$ sudo systemctl enable sshd.service

Configure OpenSSH Server

If you would like to configure OpenSSH server, you can edit the system-wide OpenSSH configuration file /etc/ssh/sshd_config.

There are a couple of OpenSSH options you may be interested in:

Port 22

By default, sshd listens on port 22 to listen for incoming SSH connections. By changing the default SSH port, you may be able to avert various automated attacks from hackers.

ListenAddress 192.168.1.1

If your machine has more than one physical network interface, and you would like to specify the interface on which sshd binds, you can use the ListenAddress option. This option helps improve security by limiting incoming SSH connections via a specific interface only.

HostKey /etc/ssh/ssh_host_key

The HostKey option specifies where the private host key is located. If for any reason, the host key got corrupted, you need to re-generate it.

PermitRootLogin no

The PermitRootLogin option tells whether root can log in to the system via SSH.

AllowUsers alice bob

Using the AllowUsers option, you can selectively disable SSH service for particular Linux users. You can specify multiple users separated by space.

Once you have modified /etc/ssh/sshd_config, make sure to restart SSH service.

To restart OpenSSH server on Debian 8, Ubuntu 15.04 or later:

$ sudo systemctl restart ssh

To restart OpenSSH server on Debian 7, Ubuntu 14.10 or earlier:

$ sudo /etc/init.d/ssh restart

To restart OpenSSH server on Fedora, CentOS/RHEL 7+ or Arch Linux:

$ sudo systemctl restart sshd

To restart OpenSSH server on CentOS/RHEL 6 or earlier:

$ sudo service sshd restart

Support Xmodulo

This website is made possible by minimal ads and your gracious donation via PayPal or credit card

Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.

Xmodulo © 2021 ‒ AboutWrite for UsFeed ‒ Powered by DigitalOcean