Last updated on August 18, 2020 by Dan Nanni
Secure shell (SSH) is a network protocol providing shell services on a remote machine via a secure channel. SSH provides various security benefits such as user/host authentication, data encryption, and data integrity, thereby preventing common attacks such as eavesdropping, DNS/IP spoofing, data forgery, connection hijacking, etc. Users of
rlogin which use plain-text protocols are strongly recommended to switch to SSH.
OpenSSH is an open-source implementation of the SSH protocol, allowing encrypted communication over a network via a suite of software. If you would like to set up SSH on Linux, you can install OpenSSH, which consists of OpenSSH server and client packages.
OpenSSH server/client packages come with the following utilities:
scp(secure remote copy),
sftp(secure file transfer),
ssh(secure remote login),
ssh-add(private key addition),
ssh-keygen(authentication key management).
If you want to install OpenSSH server/client, and auto-start OpenSSH server, follow these distro-specfic instructions.
$ sudo apt-get install openssh-server openssh-client
On Debian-based systems, once OpenSSH server is installed, OpenSSH server will start automatically upon boot. If for any reason OpenSSH server does not get started automatically upon boot, you can run the following command to explicitly add SSH to boot time service.
To auto-start OpenSSH server on Ubuntu 14.10 and Debian 7.0 or earlier:
$ sudo update-rc.d ssh defaults
To auto-start OpenSSH server on Ubuntu 15.04 and Debian 8.0 or later:
$ sudo systemctl enable ssh
$ sudo yum -y install openssh-server openssh-clients $ sudo systemctl start sshd service $ sudo systemctl enable sshd.service
$ sudo yum -y install openssh-server openssh-clients $ sudo service sshd start $ sudo chkconfig sshd on
$ sudo pacman -Sy openssh $ sudo systemctl start sshd service $ sudo systemctl enable sshd.service
If you would like to configure OpenSSH server, you can edit the system-wide OpenSSH configuration file
There are a couple of OpenSSH options you may be interested in:
sshd listens on port
22 to listen for incoming SSH connections. By changing the default SSH port, you may be able to avert various automated attacks from hackers.
If your machine has more than one physical network interface, and you would like to specify the interface on which
sshd binds, you can use the ListenAddress option. This option helps improve security by limiting incoming SSH connections via a specific interface only.
HostKey option specifies where the private host key is located. If for any reason, the host key got corrupted, you need to re-generate it.
PermitRootLogin option tells whether root can log in to the system via SSH.
AllowUsers alice bob
AllowUsers option, you can selectively disable SSH service for particular Linux users. You can specify multiple users separated by space.
Once you have modified
/etc/ssh/sshd_config, make sure to restart SSH service.
To restart OpenSSH server on Debian 8, Ubuntu 15.04 or later:
$ sudo systemctl restart ssh
To restart OpenSSH server on Debian 7, Ubuntu 14.10 or earlier:
$ sudo /etc/init.d/ssh restart
To restart OpenSSH server on Fedora, CentOS/RHEL 7+ or Arch Linux:
$ sudo systemctl restart sshd
To restart OpenSSH server on CentOS/RHEL 6 or earlier:
$ sudo service sshd restart
This website is made possible by minimal ads and your gracious donation via PayPal or credit card
Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.