Cyberithub

Step by Step Guide to Configure OpenSSH Server on Linux (RHEL/CentOS 7/8)


In this tutorial, I will take you through the steps to configure the OpenSSH server on a RedHat/CentOS 7 machine. OpenSSH is a free and very popular open source package, used on almost all kinds of Linux servers for remote login over the SSH protocol. It provides an encrypted layer that secures all communication between the SSH server and the SSH client, which helps eliminate eavesdropping, connection hijacking, and other attacks. More on the OpenSSH official website.

The OpenSSH suite consists of the following tools:

  • Remote operations are done using ssh, scp, and sftp.
  • Key management with ssh-add, ssh-keysign, ssh-keyscan, and ssh-keygen.
  • The service side consists of sshd, sftp-server, and ssh-agent.


Step 1: Prerequisites

a) You should have a running RHEL/CentOS 7/8 server.

b) You should have root or sudo access to run all the privileged commands.

c) You should have a network connection available to connect to the repo and download packages.

d) You should have the yum utility installed on your server.

Step 2: Install OpenSSH Server

Usually, the OpenSSH server and client packages are installed when the server is built. If they are not installed, you can quickly install them from the repo using the yum install -y openssh-server openssh-clients command. This command installs both the server and client packages.

After successful installation, you will see a configuration file, sshd_config, under the /etc/ssh path. You can set all the required parameters in this file and then start or restart the sshd service for the changes to take effect.

[root@node1 ~]# yum install -y openssh-server openssh-clients

Step 3: Configure X11 Forwarding

If you want to allow a user to start graphical applications from the Linux command line, set the X11Forwarding parameter to yes as shown below.

[root@node1 ~]# vi /etc/ssh/sshd_config 
X11Forwarding yes

Step 4: Configure Root Login

By default, SSH does not allow root login. If you want to allow root login over SSH, set PermitRootLogin to yes as shown below.

[root@node1 ~]# vi /etc/ssh/sshd_config 
PermitRootLogin yes

Step 5: Configure LogLevel

Another useful option in the sshd_config file is LogLevel, which sets the verbosity of sshd's log messages. Possible values of LogLevel are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3. It is always recommended to set LogLevel to verbose, so that the fingerprint of any SSH key used for login gets logged.

[root@node1 ~]# vi /etc/ssh/sshd_config 
LogLevel verbose

Step 6: Configure SSH Port

If you want to move SSH off the default port 22, specify a different port with the Port parameter. For now we are keeping the default, port 22.

[root@node1 ~]# vi /etc/ssh/sshd_config 
Port 22

Step 7: Start and Enable SSH Service

Once the SSH service is configured, start it with the systemctl start sshd command and enable it with systemctl enable sshd. If everything goes well, systemctl status sshd will show the service as active. Whenever you change anything in the sshd_config file, restart the service with the systemctl restart sshd command.

[root@node1 ~]# systemctl start sshd
[root@node1 ~]# systemctl enable sshd
[root@node1 ~]# systemctl status sshd
sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: enabled)
Active: active (running) since Mon 2021-05-03 03:05:08 EDT; 9min ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 904 (sshd)
CGroup: /system.slice/sshd.service
└─904 /usr/sbin/sshd -D

May 03 03:05:08 localhost.localdomain systemd[1]: Starting OpenSSH server daemon...
May 03 03:05:08 localhost.localdomain sshd[904]: Server listening on 0.0.0.0 port 22.
May 03 03:05:08 localhost.localdomain sshd[904]: Server listening on :: port 22.
May 03 03:05:08 localhost.localdomain systemd[1]: Started OpenSSH server daemon.
May 03 03:12:52 localhost.localdomain sshd[1349]: Accepted password for root from 192.168.19.56 port 50109 ssh2
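
An added example, not part of the original tutorial: a POSIX shell check that reports the effective global value of the keywords edited in Steps 3 to 5. sshd uses the first value it reads for a keyword, so a line appended below an existing one has no effect. The function names and the sample file are assumptions made for this example.

```shell
# Added example (not from the original tutorial): report the effective
# global value of the keywords edited in Steps 3-5. sshd uses the FIRST
# value it reads for a keyword, keywords are case-insensitive, and lines
# after a "Match" line are conditional. Include files are not followed.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_effective() {
    awk -v want="$2" '
        { sub(/\r$/, ""); sub(/^[ \t]+/, "") }   # strip CR and indentation
        /^#/ || /^$/ { next }                    # skip comments and blanks
        { kw = tolower($1) }
        kw == "match" { exit }                   # global section ends here
        kw == tolower(want) { print tolower($2); exit }   # first value wins
    ' "$1"
}

# Print one finding per line for the sshd_config file $1.
audit_sshd_config() {
    for kw in X11Forwarding PermitRootLogin LogLevel; do
        val=$(sshd_effective "$1" "$kw")
        case "$kw:$val" in
            PermitRootLogin:yes)
                msg="root can log in directly, including with a password" ;;
            X11Forwarding:yes)
                msg="X11 forwarding is on; keep it only if GUI apps are needed" ;;
            LogLevel:verbose|LogLevel:debug*)
                continue ;;
            LogLevel:*)
                msg="below the VERBOSE level recommended in Step 5" ;;
            *)
                continue ;;
        esac
        echo "$kw ${val:-<unset>}: $msg"
    done
}

# Constructed sample: "PermitRootLogin yes" was appended below an older line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin no
X11Forwarding yes
loglevel VERBOSE
PermitRootLogin yes
Match User backup
    PermitRootLogin yes
EOF
audit_sshd_config "$sample"
rm -f "$sample"
```

On a live server, sshd -t checks the file for syntax errors before a restart, and sshd -T prints the configuration as sshd itself resolves it.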
