In this tutorial, I will take you through the steps to configure an OpenSSH server on a RedHat/CentOS 7 machine. OpenSSH is a free, open source package and the most popular one used on almost all kinds of Linux servers for remote login over the SSH protocol. It provides an encrypted layer that secures all communication between the SSH server and the SSH client, which helps eliminate eavesdropping, connection hijacking, and other attacks. More on the OpenSSH official website.
The OpenSSH suite consists of the following tools:
- Remote operations are done using ssh, scp, and sftp.
- Key management with ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
- The service side consists of sshd, sftp-server, and ssh-agent.
Step by Step Guide to Configure OpenSSH Server on Linux (RHEL / CentOS 7/8)
Step 1: Prerequisites
a) You should have a running RHEL/CentOS 7/8 server.
b) You should have root or sudo access to run all the privileged commands.
c) You should have a network connection available to connect to the repo and download packages.
d) You should have the yum utility installed on your server.
Step 2: Install OpenSSH Server
Usually, the OpenSSH server and client packages are installed when the server is built, but if you don't have them installed you can quickly install them from the repo using the yum install -y openssh-server openssh-clients command. This command installs both the server and client packages.
After a successful installation, you will see the configuration file sshd_config under the /etc/ssh path. You can set all the required parameters in this file and then start or restart the sshd service for the changes to take effect.
[root@node1 ~]# yum install -y openssh-server openssh-clients
Step 3: Configure X11 Forwarding
If you want to allow a user to start graphical applications from the Linux command line, set the X11Forwarding parameter to yes as shown below.
[root@node1 ~]# vi /etc/ssh/sshd_config
X11Forwarding yes
Step 4: Configure Root Login
By default, ssh does not allow root login authentication. If you want to allow root login through the SSH port, you need to set PermitRootLogin to yes as shown below.
[root@node1 ~]# vi /etc/ssh/sshd_config
PermitRootLogin yes
Step 5: Configure LogLevel
Another useful option that you can set in the sshd_config file is LogLevel. It controls the verbosity of the log messages. Possible values of LogLevel are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. It is always recommended to set LogLevel to verbose. This will cause the fingerprint of any SSH key used for login to be logged.
[root@node1 ~]# vi /etc/ssh/sshd_config
LogLevel verbose
Step 6: Configure SSH Port
If you want to change the port from the default of 22, you can specify a different SSH port here. For now we are keeping the default.
[root@node1 ~]# vi /etc/ssh/sshd_config
Port 22
Step 7: Start and Enable SSH Service
Once the SSH service is configured, you can start it with the systemctl start sshd command and then enable it with systemctl enable sshd. If everything goes well, you will see a success status from the systemctl status sshd command. If you later change anything in the sshd_config file, you need to restart the service with the systemctl restart sshd command.
[root@node1 ~]# systemctl start sshd
[root@node1 ~]# systemctl enable sshd
[root@node1 ~]# systemctl status sshd
● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2021-05-03 03:05:08 EDT; 9min ago
     Docs: man:sshd(8)
           man:sshd_config(5)
 Main PID: 904 (sshd)
   CGroup: /system.slice/sshd.service
           └─904 /usr/sbin/sshd -D

May 03 03:05:08 localhost.localdomain systemd: Starting OpenSSH server daemon...
May 03 03:05:08 localhost.localdomain sshd: Server listening on 0.0.0.0 port 22.
May 03 03:05:08 localhost.localdomain sshd: Server listening on :: port 22.
May 03 03:05:08 localhost.localdomain systemd: Started OpenSSH server daemon.
May 03 03:12:52 localhost.localdomain sshd: Accepted password for root from 192.168.19.56 port 50109 ssh2
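To review the result of Steps 3 to 6 before restarting sshd, the following added example (not part of the original tutorial) reports the value sshd would use for each directive edited above. The function names and the sample configuration are constructed for illustration; it assumes whitespace-separated directives and does not follow Include files.

```shell
# Added example: report the value sshd would use for the directives edited in
# Steps 3-6. Lines after the first Match line are treated as conditional.

# effective_value FILE KEYWORD -> first global value (first one wins), or "(unset)".
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }    # later lines apply only conditionally
        tolower($1) == want {              # keywords are case-insensitive
            $1 = ""; sub(/^[ \t]+/, ""); print; found = 1; exit
        }
        END { if (!found) print "(unset)" }
    ' "$1"
}

# review_sshd_config FILE -> one line per directive, annotated where relevant.
review_sshd_config() {
    for key in Port PermitRootLogin X11Forwarding LogLevel; do
        val=$(effective_value "$1" "$key")
        lc=$(printf '%s' "$val" | tr 'A-Z' 'a-z')
        note=""
        case "$key:$lc" in
            PermitRootLogin:yes) note="  <- direct root login over SSH is allowed" ;;
            LogLevel:verbose)    ;;
            LogLevel:*)          note="  <- this tutorial recommends VERBOSE" ;;
        esac
        printf '%-16s %s%s\n' "$key" "$val" "$note"
    done
}

# Constructed sample (not from a real host): mixed case, a duplicate keyword,
# and an override that only applies inside a Match block.
sample_config() {
    cat <<'EOF'
Port 22
permitrootlogin yes
PermitRootLogin no
X11Forwarding no
Match User backup
    X11Forwarding yes
EOF
}

tmp=$(mktemp)
sample_config > "$tmp"
review_sshd_config "$tmp"
rm -f "$tmp"
```

On a host with OpenSSH installed, sshd -t checks the file for syntax errors before a restart, and sshd -T prints the full effective configuration.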