How to install and configure SSH server on RHEL 7

Linux Permissions

Setting up a SSH server is one of the most common tasks a system administrator has to do and must know how to do. It is a simple thing to do indeed, but configuring and securing a SSH server is another matter. Let’s learn the basics.

So what is SSH?

If you’re asking this, well you’re not in the right place. Before you go and configure a server, you should understand how SSH works and how to use its client. You can wait forever to learn a fundamental skill, or do it now reading this post.

Install SSH server

Caution
Before starting, remember that whatever you read here is only a tutorial, in real-life scenarios you should watch what you do and think carefully about the consequences.
To commence you must install the SSH server (and client). There are many servers that you can choose from, but today we’re going to install OpenSSH, probably the most popular one.
# yum install -y openssh-server openssh-clients

If everything goes well, you will have a SSH server installed and a key for the host configured. Next thing is to enable and start the service using systemd. And next is opening the appropriate firewall port. I assume you’re using firewalld instead of iptables.

# systemctl start sshd
# systemctl enable sshd
# firewall-cmd --permanent --add-service ssh
# firewall-cmd --reload

This ensures the SSH server is loaded and started at boot time, and start it right now. Ok, end of the story. It can indeed work like this, but you should also take a few minutes to configure your new SSH server. First you should familiarize with the configuration folder: /etc/ssh . You will find a few files inside this folder, the configuration of the server resides however in the sshd_config file.

Configuring SSH server

There are many many configuration options, we’ll cover the most important ones.

Port 22                    # Tells sshd to listen on the port
AddressFamily any          # Listen on IPv4 or IPv6 only or both
ListenAddress 0.0.0.0      # Listen on the address specified, can use both IPv4 and IPv6
PermitRootLogin no         # Allow root to use ssh, it should always be set to no
MaxAuthTries 6             # Defines the number of tries allowed during login
MaxSessions 10             # Defines the maximum number of simultaneous connections
PubkeyAuthentication yes   # If set to yes enables the use of public key authentication
PasswordAuthentication yes # This will enforce key-based if set to no and ask passwords if set to yes

This is by no mean a complete list, but shows you the most used (and important) options. If you’re willing here’s the complete list. Be sure to reload sshd for the changes to take effect

# systemctl reload sshd

Also, changing the port or the address will require a restart of the SSH server.

Conclusion

You now know how to install and modify the basic configuration of OpenSSH server, but there are quite a few things we didn’t mention: e.g. if you wanted to change the port on which SSH listens you should change the Port option, however that wouldn’t be enough. You must inform the firewall in order for that to work (if enabled), and if it is enabled also SELinux. Since these are quite advanced things and go beyond the scope of the article itself, we won’t address them.

Image courtesy of Kev-shine
mark

You may also like...

2 Responses

  1. Mitt Moran says:

    good clean instruction

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: