SSH Server (Secure Shell) Installation and Configuration RHEL 7 / CentOS 7
SSH Server (Secure Shell) is a program for logging into a remote host / server and managing it by executing commands. It is intended to provide secure, encrypted communications between client and server over an insecure network. SSH also supports X11 forwarding (which means executing GUI tasks).
SSH Server Profile
- Packages : yum install openssh
- Port Number: 22 is default
- Config File: /etc/ssh/sshd_config
- Daemon Name: sshd
Advantages of SSH Server
- It provides a secure connection to a remote host
- Using SSH we can also copy files from one host to another host with secure copy (SCP)
- Upload files securely using SFTP
- Execute commands on a remote host
- Create passwordless authentication (key-based authentication) to run automated scripts
SSH Server (Secure Shell) Installation and configuration
Installing SSH Server is simple using yum / rpm packages. Most installation methods install the openssh packages along with the operating system itself.
[root@ArkitServer ~]# yum install openssh
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
RHEL7                                   | 4.1 kB 00:00:00
(1/2): RHEL7/group_gz                   | 136 kB 00:00:00
(2/2): RHEL7/primary_db                 | 3.9 MB 00:00:00
Package openssh-6.6.1p1-31.el7.x86_64 already installed and latest version
Nothing to do
Enable and Start Services
[root@ArkitServer ~]# systemctl enable sshd.service
[root@ArkitServer ~]# systemctl status sshd.service
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2017-03-15 20:54:55 IST; 23min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 1201 (sshd)
   CGroup: /system.slice/sshd.service
           └─1201 /usr/sbin/sshd
Configure SSH Settings Using the Config File
[root@ArkitServer ~]# vi /etc/ssh/sshd_config
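Restrict access to a particular network by setting the address sshd listens on. ListenAddress takes a local IP address of the server itself, not a network ID, so for the example network 192.168.1.0/24 you would enter the server's own address on that network.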
#ListenAddress 0.0.0.0
#ListenAddress ::
Change the SSH default port to something else (instead of 22). After defining the port number in the config file, we have to apply the matching SELinux policy.
Port 1028
Run the command below to change the SELinux context for the new port
semanage port -a -t ssh_port_t -p tcp 1028
Send authentication-related messages to the log file. If you hash out (comment out) SyslogFacility, authentication-related messages will not be logged.
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
How to Permit Root Login via SSH?
To permit root login over SSH, un-comment the config line below (by default root is allowed). If you would like to deny root login via SSH, write ‘no’ instead of ‘yes’.
#PermitRootLogin yes
To enable key-based authentication, the remote hosts' keys are added to the required file. The file location can be customized by specifying the parameter below in the config file.
AuthorizedKeysFile .ssh/authorized_keys
GUI window access using SSH: enable X11Forwarding so that you can run GUI windows on the remote host over SSH.
X11Forwarding yes
Banner message: when a user logs in to the server using SSH, the user will see a banner message. To specify the banner message, enable the config line below.
Banner /filepath
Allow only members of a particular group to log in over SSH
AllowGroups groupname
Likewise, there are many more options for configuring and optimizing SSH Server (Secure Shell).
Conclusion: SSH is used to connect to remote servers securely and manage them easily. SSH is the most used protocol in the world.
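The settings above can be checked with a small script (an added example, not code from the original article). It reports the value sshd would use for each option covered here, treating a commented-out line as the built-in default. The function names, the sample file and the OpenSSH 6.6 defaults it assumes are illustrative.

```shell
#!/bin/sh
# Added example: report the value sshd would use for the options covered here.
# Defaults are assumed from upstream OpenSSH 6.6 (the version shown above).

# effective_value FILE KEYWORD DEFAULT
# The first uncommented occurrence wins; a '#' line is only a comment, so the
# built-in default stays in force. Parsing stops at the first Match block.
effective_value() {
    ev_want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    while read -r ev_key ev_val || [ -n "$ev_key" ]; do
        case $ev_key in ''|'#'*) continue ;; esac   # blank line or comment
        ev_key=$(printf '%s' "$ev_key" | tr 'A-Z' 'a-z')
        if [ "$ev_key" = match ]; then break; fi
        if [ "$ev_key" = "$ev_want" ]; then printf '%s\n' "$ev_val"; return 0; fi
    done < "$1"
    printf '%s\n' "$3"
}

# audit_sshd_config FILE: one INFO/WARN line per option discussed in the article.
audit_sshd_config() {
    echo "INFO Port: $(effective_value "$1" Port 22)"
    echo "INFO SyslogFacility: $(effective_value "$1" SyslogFacility AUTH)"
    if [ "$(effective_value "$1" PermitRootLogin yes)" = yes ]; then
        echo "WARN PermitRootLogin: root can log in directly; set it to 'no'"
    fi
    if [ "$(effective_value "$1" X11Forwarding no)" = yes ]; then
        echo "WARN X11Forwarding: enabled; keep it only if GUI access is needed"
    fi
    if [ -z "$(effective_value "$1" AllowGroups '')" ]; then
        echo "WARN AllowGroups: not set; SSH login is not limited to a group"
    fi
    return 0
}

# Constructed sample that mirrors the snippets in this article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 1028
#ListenAddress 0.0.0.0
SyslogFacility AUTHPRIV
#PermitRootLogin yes
AuthorizedKeysFile .ssh/authorized_keys
X11Forwarding yes
EOF
audit_sshd_config "$sample"
```

On a live server, `sshd -T` prints the effective configuration as sshd itself computes it.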