How to Install OpenSSH on a Linux Server

Himanshu Joshi Knowledgebase

OpenSSH (Open Secure Shell) is a strong tool for secure communication over an unsafe network like the Internet. It creates an encrypted connection between a client and a server. This lets users access and manage servers from a distance, transfer files, and run commands. System administrators and developers widely use OpenSSH because it keeps data, including passwords and files, safe during transmission. Its solid security features, including encryption and authentication, make it a reliable option for remote server management.

OpenSSH on a Linux

In this article, we will guide you on how to install OpenSSH on a Linux server. We will cover how to update your system, install the OpenSSH package, start and enable the SSH service, configure the firewall, and check the installation. Finally, we will explain how to secure your SSH server by changing its configuration.

Prerequisites

Before installing OpenSSH, make sure you meet these requirements:

  • You need root or sudo privileges on your Linux server.
  • You should have a running Linux server (e.g., Ubuntu, CentOS, or Debian).
  • Ensure the server has an active internet connection to install packages.

Install OpenSSH on Various Linux Distributions

OpenSSH installation steps can vary slightly depending on the Linux distribution you are using. In this section, we’ll cover the commands and methods for installing OpenSSH on popular distributions such as Ubuntu, CentOS, and Debian. Let’s dive into the specifics for each one.

Install OpenSSH on Ubuntu/Debian

For Ubuntu or Debian systems, follow these steps:

  • Update the System:

Before installing OpenSSH, update your system’s package list to ensure you have the latest software.

sudo apt update
  • Install OpenSSH Server:

Install the OpenSSH package with the following command:

sudo apt install openssh-server
  • Start and Enable SSH Service:

Start the SSH service and enable it to start automatically at boot:

sudo systemctl start ssh
sudo systemctl enable ssh
  • Check the SSH Service Status:

Ensure the SSH service is active and running:

sudo systemctl status ssh
  • Configure Firewall (If applicable):

Allow SSH connections through the firewall:

sudo ufw allow ssh
sudo ufw reload
  • Verify SSH Installation:

Test the SSH connection from a remote machine:

ssh user@server_ip

Install OpenSSH on CentOS/RHEL

For CentOS or RHEL systems, follow these steps:

  • Update the System:

Update the system’s package list for the latest software updates:

sudo yum update
  • Install OpenSSH Server:

Install the OpenSSH package:

sudo yum install openssh-server
  • Start and Enable SSH Service:

Start and enable the SSH service:

sudo systemctl start sshdsudo systemctl enable sshd
  • Check the SSH Service Status:

Verify that the SSH service is running:

sudo systemctl status sshd
  • Configure Firewall (If applicable):

Allow SSH through the firewall using Firewalld:

sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
  • Verify SSH Installation:

Test SSH from a remote system:

ssh user@server_ip

Check Out | How to Install MariaDB on a Linux Server

Configure SSH on Linux

Configuring SSH allows you to fine-tune your SSH server’s settings for better security and performance. By default, SSH is set up to be functional for general use, but it may require customization based on your specific security requirements or preferences. In this section, we will walk through common SSH configurations, including securing your server, disabling root login, changing the default port, and more.

Edit the SSH Configuration File

The primary configuration file for SSH is located at /etc/ssh/sshd_config. This file controls how SSH behaves on your system. To edit this file, you’ll need to open it using a text editor, like nano or vim.

For example, to open the file with nano, run:

sudo nano /etc/ssh/sshd_config

Disabling Root Login

Allowing root to log in directly over SSH is a security risk, as it gives attackers a direct way to access the highest privilege level on the server. To prevent this, you can disable root login via SSH.

In the sshd_config file, look for the line PermitRootLogin and change it to no:

PermitRootLogin no

This configuration prevents direct root access and encourages the use of a normal user account with sudo privileges to perform administrative tasks.

Changing the Default SSH Port

By default, SSH runs on port 22. Changing this port to a non-standard one can help reduce the likelihood of automated attacks that target the default SSH port.

To change the SSH port, find the line Port 22 and change it to a custom port number (e.g., 2222):

Port 2222

Make sure the new port number you choose is not in use by other services on your server and that you adjust your firewall to allow connections on this new port.

Enabling Public Key Authentication

Using password authentication for SSH access can be a security risk. Instead, public key authentication is considered more secure. To enable it, you need to generate SSH keys on your client machine and copy the public key to your server.

To enable public key authentication, ensure the following line is present in the sshd_config file:

PubkeyAuthentication yes

Then, disable password authentication by setting the following line:

PasswordAuthentication no

After making these changes, only users with the corresponding private key will be able to authenticate.

Limiting User Access

For added security, you may want to limit which users can connect via SSH. This can be done by adding the AllowUsers directive in the configuration file. For example:

AllowUsers user1 user2

This will allow only user1 and user2 to log in via SSH and deny all other users. You can also use AllowGroups to restrict access to certain user groups.

Restart SSH for Changes to Take Effect

After making changes to the sshd_config file, save your edits and exit the text editor. Then, restart the SSH service for the changes to take effect.

sudo systemctl restart ssh

Check Out | How to Install MySQL on a Linux Server

Conclusion

You’ve successfully installed OpenSSH on your Linux server. Now you can securely access and manage your server remotely. It’s crucial to keep your SSH server secure by disabling root login and changing the default port, among other best practices. Regularly check and update your system to maintain a secure environment. For more detailed guidance and advanced configuration options, be sure to consult the official OpenSSH documentation.

Tags:
Leave A Comment