How to install and configure SSH server on RHEL 7
Setting up an SSH server is one of the most common tasks a system administrator has to do, and must know how to do. Installing one is simple, but configuring and securing an SSH server is another matter. Let’s learn the basics.
So what is SSH?
If you’re asking this, well, you’re not in the right place. Before you go and configure a server, you should understand how SSH works and how to use its client. You can wait forever to learn a fundamental skill, or do it now by reading this post.
Install SSH server
To commence you must install the SSH server (and client). There are many servers that you can choose from, but today we’re going to install OpenSSH, probably the most popular one.
# yum install -y openssh-server openssh-clients
If everything goes well, you will have an SSH server installed and a key for the host configured. The next step is to start and enable the service using systemd, and after that to open the appropriate firewall port. I assume you’re using firewalld instead of iptables.
# systemctl start sshd
# systemctl enable sshd
# firewall-cmd --permanent --add-service ssh
# firewall-cmd --reload
This starts the SSH server right now and ensures it is started at boot time. OK, end of the story. It can indeed work like this, but you should also take a few minutes to configure your new SSH server. First you should familiarize yourself with the configuration folder: /etc/ssh. You will find a few files inside this folder; the configuration of the server, however, resides in the sshd_config file.
Configuring SSH server
There are many configuration options; we’ll cover the most important ones.
# Port sshd listens on
Port 22
# Listen on IPv4 only, IPv6 only, or both
AddressFamily any
# Address to listen on; both IPv4 and IPv6 addresses can be used
ListenAddress 0.0.0.0
# Whether root may log in over SSH; it should always be set to no
PermitRootLogin no
# Number of authentication attempts allowed per connection
MaxAuthTries 6
# Maximum number of open sessions per network connection
MaxSessions 10
# If set to yes, enables the use of public key authentication
PubkeyAuthentication yes
# Enforces key-based login if set to no, asks for passwords if set to yes
PasswordAuthentication yes
This is by no means a complete list, but it shows you the most used (and important) options. If you’re willing here’s the complete list. Be sure to reload sshd for the changes to take effect:
# systemctl reload sshd
Also, changing the port or the address will require a restart of the SSH server.
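A check that can be run before reloading, as an added example that is not part of the original article: it audits the global section of an sshd_config file for the PermitRootLogin, PasswordAuthentication and PubkeyAuthentication options listed above. The function names (global_lines, first_value, shadowed, audit_sshd) are hypothetical and the sample file is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the article: audit the global part of sshd_config.
# sshd keeps the FIRST value it reads for a keyword, so a setting appended
# to the end of the file is ignored when the keyword was already set above.

# global_lines FILE: print "<line> <keyword lowercased> <value>" for every
# directive before the first Match block (Match settings are conditional).
global_lines() {
    awk '{ sub(/^[ \t]+/, "") }
         /^(#|$)/ { next }
         tolower($1) == "match" { exit }
         { print NR, tolower($1), $2 }' "$1"
}

# first_value FILE KEYWORD: the value sshd would use, empty if unset.
first_value() {
    global_lines "$1" |
        awk -v k="$(echo "$2" | tr 'A-Z' 'a-z')" '$2 == k { print $3; exit }'
}

# shadowed FILE: line numbers of repeated single-valued keywords (ignored by sshd).
shadowed() {
    global_lines "$1" | awk '
        { single = ($2 ~ /^(permitrootlogin|passwordauthentication|pubkeyauthentication)$/) }
        single && seen[$2]++ { printf "%s%s", sep, $1; sep = " " }'
}

# audit_sshd FILE: print findings; the return status is the number of findings.
audit_sshd() {
    n=0
    root=$(first_value "$1" PermitRootLogin)
    [ "$root" = "no" ] || { echo "PermitRootLogin is '${root:-unset}', want 'no'"; n=$((n + 1)); }
    if [ "$(first_value "$1" PasswordAuthentication)" = "no" ] &&
       [ "$(first_value "$1" PubkeyAuthentication)" = "no" ]; then
        echo "password and public key login are both disabled"; n=$((n + 1))
    fi
    dup=$(shadowed "$1")
    [ -z "$dup" ] || { echo "ignored duplicate settings on line(s): $dup"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: "PermitRootLogin no" was appended at the end, but the
# earlier "yes" on line 2 is the value that takes effect.
sample=$(mktemp)
printf '%s\n' 'Port 22' 'PermitRootLogin yes' '# MaxSessions 10' \
    'PasswordAuthentication yes' 'PermitRootLogin no' > "$sample"
audit_sshd "$sample" || echo "findings: $?"
rm -f "$sample"
```

Point audit_sshd at /etc/ssh/sshd_config before running systemctl reload sshd; sshd -t separately checks the file for syntax errors.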
You now know how to install OpenSSH server and modify its basic configuration, but there are quite a few things we didn’t mention. For example, if you wanted to change the port on which SSH listens, you should change the Port option, but that wouldn’t be enough. For that to work you must also inform the firewall (if enabled) and SELinux (if enabled). Since these are quite advanced topics and go beyond the scope of this article, we won’t address them.