SSH is a widely used protocol used mostly by system administrators to securely login to remote servers. It allows them the command-line access to work on the remote system as if they are sitting right at the server.
Here at LinuxAPT as part of our Server Management Services, we regularly help our Customers to perform related SSH queries on Linux System.
In this context, we shall look into how you can enable SSH on the CentOS system and connect to it using an SSH client. Also, you will learn how to configure the SSH server.
If using an Ubuntu OS, you can easily read this post to enable SSH on Ubuntu.
1. Install OpenSSH Server
To begin, you will have to install an OpenSSH server on the machine you want to remotely access via SSH. Use the command below to install the OpenSSH server on your CentOS machine:
$ sudo dnf install openssh-server
If prompted, Enter sudo password and then you will see the installation started. Press y if prompted for confirmation.
Now, OpenSSH server will be installed on your system.
2. Start SSH Daemon and Verify Status
Now that SSH has been installed, you can start its service. Use the command below to start SSH daemon:
$ sudo systemctl start ssh
Then to verify if the SSH daemon has started, use the command below:
$ sudo systemctl status sshd
3. Allow SSH through Firewall
If the firewall is enabled on your CentOS system, it will block the incoming SSH traffic. To permit incoming SSH traffic, you will need to add a rule in the firewall. The default port used by SSH is 22. So the rule should open port 22.
Use the command below to allow incoming SSH traffic on port 22:
$ sudo firewall-cmd --permanent --add-port=22/tcp
This command will add a rule in your firewall that will allow traffic on port 22. If you have configured SSH for a port other than 22, make sure to use that port in the firewall rule.
4. Test SSH access
To test if SSH is working and you can connect to it, open your client machine. This machine should have an SSH client. If you are using a CentOS client, you can install SSH client as follows:
$ sudo dnf install openssh-clients
Here we are going to test it using our Ubuntu client machine.
To connect to an SSH server, you will require an IP address and a username of the remote system:
$ ssh remote_username@remote_ip_address
For instance, in our case, the IP address of the remote machine (where the SSH server is installed) was "192.168.72.100" and the username was "linuxapt", so we ran the command:
$ ssh linuxapt@192.168.72.100
Note: If you don't know how to find the IP address of a machine, visit this post.
After you have connected to the SSH server, it will ask you to enter the password. Enter the password and then you will be login to your remote system. Now you will also notice the Terminal prompt has been changed to reflect the remote system username and system name.
The SSH configuration file is located at /etc/ssh/sshd_config. This file contains different configuration options which you can change according to your needs. Here we will look at few common options that might need modifications e.g. changing the default SSH port and the listening address, disabling root login, configuring max sessions and password tries, etc.
To configure or change any option, you will need to edit the sshd_config file:
$ sudo nano /etc/ssh/sshd_config
Remember, after changing any settings in the sshd_config file, make sure to reload the SSH server to implement the changes:
$ sudo systemctl reload ssh
The SSH by default uses port 22 for listening to incoming connections. If for any reason you want to change the SSH port, you can do so by editing the sshd_config file and searching for a line that says:
# Port 22
Uncomment the line by removing the hash (#) and the replace 22 with the port number you want to set for SSH.
Once done, save and close the sshd_config file.
By default, SSH listens on all local interfaces. To configure SSH to listen on only a specific network interface, edit the sshd_config file:
$ sudo nano /etc/ssh/sshd_config
Search for the line that says:
#ListenAddress 0.0.0.0
Uncomment the above line and replace 0.0.0.0 with the local address on which you want SSH to listen on.
Once done, save and close the sshd_config file.
By default, the root user is allowed to log in using SSH. This is controlled by the PermitRootLogin parameter in the sshd_config file which is by default "yes" which means root login is allowed.
To disable root login, edit the sshd_config file:
$ sudo nano /etc/ssh/sshd_config
Look for the line that says:
# PermitRootLogin no
Uncomment (if commented) the above line and replace “no” by “yes” to disable root login using SSH.
Once done, save and close the sshd_config file.
By default, the maximum number of sessions allowed per network connection is 10. It can be changed by the MaxSessions parameter in the sshd_config file. Similarly, the maximum number of authentication attempts for one login session is 6 which can be changed using the MaxAuthTries parameter.
To change the number of sessions allowed per network connection, search for the line that says:
# MaxSessions 10
Uncomment the above line and replace its value with your desired value.
To change the number of authentication attempts allowed per login session, search for the line that says:
# MaxAuthTries 6
Uncomment the above line and replace its value with your desired value.
Once done, save and close the sshd_config file.
When you connect to the SSH server, it gives you 120 seconds (default time) to complete your authentication using a username and password. If you do not login during this time, the server drops the connection and you have to login again. You can set this time a little higher than it takes you to complete login or set it lower to prevent DoS attacks where multiple sessions are kept open for a long time.
To change this time, search for the line that says:
# LoginGraceTime 120
Uncomment the above line and replace its value with your desired time (in seconds). If you do not want to set any time limit, set it value to 0.
Once done, save and close the sshd_config file.
This article covers how to enable SSH on a CentOS machine and connect to it using a client machine. If you want to make your remote access secure, Read our post on the Best Ways to Secure Your SSH Server.
SSH provides the ability to transfer files between remote systems. When a user logs into a remote system using SSH, they receive a command prompt allowing them to enter commands on the remote system as if they were sitting at the remote system and had opened a terminal session.
How to Install OpenSSH Server Software Package ?
Enter the following command from your terminal to start the installation process:
$ sudo yum –y install openssh-server openssh-clients
This command installs both the OpenSSH client applications, as well as the OpenSSH server daemon, sshd.