Saturday, December 28, 2024

How to Install / Enable OpenSSH on CentOS 7

Introduction

Secure Shell (SSH) is a cryptographic protocol that allows a client to interact with a remote server in a secure environment.

High-level encryption protects the exchange of sensitive information and allows you to transfer files or issue commands on remote machines securely.

Learn how to enable SSH on CentOS 7 by following the instructions in this short tutorial.


Prerequisites

  • CentOS 7 system to act as an SSH server
  • A user with necessary permissions
  • Access to a command line (Ctrl-Alt-T)
  • yum utility (included by default)

Installing and Enabling OpenSSH on CentOS 7

SSH software packages are included on CentOS by default. However, if these packages are not present on your system, easily install them by completing Step 1, outlined below.

Step 1: Install OpenSSH Server Software Package

Enter the following command from your terminal to start the installation process:

sudo yum -y install openssh-server openssh-clients

This command installs both the OpenSSH client applications and the OpenSSH server daemon, sshd.


In this example, the system informs us that the latest version is already present.

Step 2: Starting SSH Service

To start the SSH daemon on the OpenSSH server:

sudo systemctl start sshd

When active, sshd continuously listens for client connections from any of the client tools. When a connection request occurs, sshd sets up the correct connection.

Step 3: Check sshd status

Check the status of the SSH daemon:

sudo systemctl status sshd

As we have previously started the service, the output confirms that it is active.


To stop the SSH daemon, enter:

sudo systemctl stop sshd

We can check if the service has stopped by verifying the status. The output shows that the service is inactive and the time and date when the status last changed.


Step 4: Enable OpenSSH Service

Enable SSH to start automatically after each system reboot by using the systemctl command:

sudo systemctl enable sshd

To disable SSH after reboot enter:

sudo systemctl disable sshd

OpenSSH Server Configuration

Properly configuring the sshd configuration file hardens server security. The most common settings to enhance security are changing the port number, disabling root logins, and limiting access to only certain users.

To edit these settings access the /etc/ssh/sshd_config file:

sudo vim /etc/ssh/sshd_config

Once you access the file by using a text editor (in this example we used vim), you can disable root logins and edit the default port number:

  • To disable root login:

PermitRootLogin no

  • Change the SSH port to run on a non-standard port. For example:

Port 2002

Remember to uncomment the lines that you edit by removing the leading hash (#).

Save and close the file. Restart sshd:

sudo systemctl restart sshd

Note: We recommend you generate SSH keys for authentication, as a safer alternative to passwords.
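
sshd ignores any line that still starts with # and uses the first value it finds for each keyword, so an edited line can have no effect. The script below is an added example, not part of the original tutorial, that reports the values in effect for the three settings named above; the function names are hypothetical, the sample file is constructed, and AllowUsers is assumed as the directive used to limit access to certain users.

```shell
#!/bin/sh
# Added example (not from the original article): report the values sshd will
# actually use. Relies on sshd_config rules: '#' starts a comment, keywords are
# case-insensitive, and the first value found for a keyword wins.
# Assumes the whitespace-separated "Keyword value" form.

# effective_value FILE KEYWORD -> first active global value, or nothing
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }                  # still commented out: ignored
        tolower($1) == "match" { exit }      # global section ends here
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }
    ' "$1"
}

# audit_sshd FILE -> one line per setting; returns 1 if any setting is missing
audit_sshd() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    port=$(effective_value "$1" Port)
    users=$(effective_value "$1" AllowUsers)
    if [ "$root" = "no" ]; then echo "OK   PermitRootLogin no"
    else echo "WARN PermitRootLogin is '${root:-unset}'"; rc=1; fi
    if [ -n "$port" ] && [ "$port" != "22" ]; then echo "OK   Port $port"
    else echo "WARN Port is '${port:-unset}' (default 22)"; rc=1; fi
    if [ -n "$users" ]; then echo "OK   AllowUsers $users"
    else echo "WARN AllowUsers is unset, no per-user restriction"; rc=1; fi
    return $rc
}

# Constructed sample: port changed, but PermitRootLogin left commented out.
write_sample() {
    cat > "$1" <<'EOF'
#Port 22
Port 2002
#PermitRootLogin no
PasswordAuthentication yes
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_sshd "$tmp" || echo "sshd_config still needs edits"
rm -f "$tmp"
```

On the server itself, run sudo sshd -t to catch syntax errors before restarting the daemon. With SELinux enforcing, the new port also has to be labelled ssh_port_t (semanage port -a -t ssh_port_t -p tcp 2002) or sshd will fail to bind to it.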

Firewall Settings

After successfully enabling SSH and configuring the sshd file, adjust the firewall settings so that connections to the SSH port are allowed.

It is also possible to restrict IP access to make the connection even more secure.

To restrict IP access, edit the iptables file by typing:

sudo vim /etc/sysconfig/iptables

To allow access using the port defined in the sshd config file, add the following line to the iptables file:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2002 -j ACCEPT

To restrict access to a specific IP, for example 133.123.40.166, edit the line as follows:

-A RH-Firewall-1-INPUT -s 133.123.40.166 -m state --state NEW -p tcp --dport 2002 -j ACCEPT

If your site uses IPv6, and you are editing ip6tables, use the line:

-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 2002 -j ACCEPT

Save and exit the file by pressing Escape (Esc) on your keyboard and typing:

:x

Press Enter to confirm.

Restart iptables to apply the changes:

sudo systemctl restart iptables

Conclusion

In this tutorial, we learned how to enable SSH on a CentOS 7 server. Additionally, we configured the firewall and SSH settings to limit access.

Your CentOS 7 server is now able to accept SSH connections.

Check out our guide on “ssh_exchange_identification: Read: Connection Reset By Peer” error if you notice it while connecting to your remote server.
