SSH Server (Secure Shell) Installation and Configuration RHEL 7 / CentOS 7

SSH Server (Secure Shell) is a program for logging in to a remote host / server and managing it by executing commands. It is intended to provide secure, encrypted communication between client and server over an insecure network. SSH also supports X11 forwarding (which means running GUI tasks).

SSH Server Profile

  • Packages : yum install openssh
  • Port Number: 22 is default
  • Config File: /etc/ssh/sshd_config
  • Daemon Name: sshd

Advantages of SSH Server

  • It provides a secure connection to a remote host
  • Using SSH we can also copy files from one host to another (SCP, secure copy)
  • Upload files securely using SFTP
  • Execute commands on a remote host
  • Create passwordless authentication (key based authentication) to run automated scripts

SSH Server (Secure Shell) Installation and configuration

Installing SSH Server is simple using yum / rpm packages. Most installation methods install the openssh packages along with the operating system itself.

[root@ArkitServer ~]# yum install openssh
Loaded plugins: langpacks, product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
RHEL7 | 4.1 kB 00:00:00
(1/2): RHEL7/group_gz | 136 kB 00:00:00
(2/2): RHEL7/primary_db | 3.9 MB 00:00:00
Package openssh-6.6.1p1-31.el7.x86_64 already installed and latest version
Nothing to do

Enable and Start Services

[root@ArkitServer ~]# systemctl enable sshd.service
[root@ArkitServer ~]# systemctl status sshd.service
 sshd.service - OpenSSH server daemon
 Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
 Active: active (running) since Wed 2017-03-15 20:54:55 IST; 23min ago
 Docs: man:sshd(8)
 Main PID: 1201 (sshd)
 CGroup: /system.slice/sshd.service
 └─1201 /usr/sbin/sshd

Configure SSH Settings using config file

[root@ArkitServer ~]# vi /etc/ssh/sshd_config

Restrict sshd to a particular network by setting ListenAddress to the local IP address it should listen on. Example:

#ListenAddress ::

Change the SSH default port to something else (instead of 22). After defining the port number in the config file, we also have to update the SELinux policy for the new port.

Port 1028

Run the command below to add the new port to the SELinux ssh_port_t context:

semanage port -a -t ssh_port_t -p tcp 1028

Send authentication related messages to the log file. If you comment out the SyslogFacility line, authentication related messages will not be logged.

# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO

How to Permit Root Login via SSH?

To permit root login over SSH, un-comment the config line below (by default root is allowed). If you would like to deny root login via SSH, write ‘no’ instead of ‘yes’.

#PermitRootLogin yes

To enable key based authentication, the remote hosts' public keys are added to the file named below. The location can be customized by specifying the parameter below in the config file.

AuthorizedKeysFile      .ssh/authorized_keys

GUI window access using SSH: enable X11Forwarding so that you can run GUI windows on the remote host over SSH.

X11Forwarding yes

Banner message: when a user logs in to the server using SSH, the user will see a banner message. To specify the banner message, enable the config line below.

Banner /filepath

Allow SSH access only to members of a particular group:

AllowGroups groupname

Likewise, there are many more options to configure and optimize SSH Server (Secure Shell).

Conclusion: SSH is used to connect to remote servers securely and manage them easily. SSH is the most used protocol in the world.
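The following shell functions are an added example, not part of the original article: they read an sshd_config file and report the effective global values of the directives covered above, following sshd's rule that the first value read for a keyword is the one used. The function names and the sample config are assumptions made for illustration; the defaults are those of the OpenSSH 6.6 package shown on this page.

```shell
#!/bin/sh
# Added example: report effective global values of the directives above.

# effective_value FILE KEYWORD DEFAULT
# sshd keeps the first value it reads for a keyword and matches keywords
# case-insensitively. Only the global section (before any Match) is read.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        NF == 0 || $1 ~ /^#/ { next }        # blank lines and comments
        tolower($1) == "match" { exit }      # conditional blocks start here
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); val = $0; exit }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE: prints one WARN or NOTE line per observation.
audit_sshd_config() {
    root=$(effective_value "$1" PermitRootLogin yes)
    x11=$(effective_value "$1" X11Forwarding no)
    port=$(effective_value "$1" Port 22)
    groups=$(effective_value "$1" AllowGroups "")
    facility=$(effective_value "$1" SyslogFacility AUTH)
    [ "$root" = "no" ] || echo "WARN PermitRootLogin is '$root': set it to 'no' to deny root logins"
    [ "$x11" = "no" ] || echo "WARN X11Forwarding is '$x11': keep it only if GUI access is required"
    [ -n "$groups" ] || echo "WARN AllowGroups is unset: logins are not limited to a group"
    [ "$port" = "22" ] || echo "NOTE Port $port needs: semanage port -a -t ssh_port_t -p tcp $port"
    echo "NOTE SyslogFacility is $facility"
    return 0
}

# Constructed sample input, not taken from a real host.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sshd_config fragment
Port 1028
SyslogFacility AUTHPRIV
#PermitRootLogin yes
x11forwarding yes
X11Forwarding no
Match Address 192.0.2.0/24
    PermitRootLogin no
EOF
}

sample=$(mktemp)
write_sample_config "$sample"
audit_sshd_config "$sample"
rm -f "$sample"
```

In the sample, the commented-out PermitRootLogin line and the `no` inside the Match block leave the global value at its default of `yes`, and the first X11Forwarding line wins over the second. On a live host, `sshd -T` prints the configuration as sshd itself parses it.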
