How to Install and Configure OpenSSH Server In Linux?

OpenSSH is an open-source tool that is used to provide secure encrypted communication between different machines on a network. It is widely used in Linux-based systems as a way to securely access and manage remote servers. In this article, we will discuss how to install and configure OpenSSH server in Linux.

Step 1: Checking if OpenSSH is Installed

The first step in installation process is to check whether OpenSSH is already installed on your Linux machine or not. To do this, open your terminal and type following command −

ssh -V

If OpenSSH is already installed, command will display version number of software. If it is not installed, command will display an error message.

Step 2: Installing OpenSSH

If OpenSSH is not installed, you can install it by using your Linux distribution's package manager. package name may vary depending on Linux distribution you are using. Below are commands to install OpenSSH on some popular Linux distributions −

Ubuntu/Debian

sudo apt-get update
sudo apt-get install openssh-server

Fedora/CentOS

sudo yum update
sudo yum install openssh-server

Arch Linux

sudo pacman -S openssh

Step 3: Configuring OpenSSH

After installing OpenSSH, next step is to configure it. OpenSSH's main configuration file is located at /etc/ssh/sshd_config. You can open this file using a text editor like nano or vim. Before editing configuration file, make a backup copy of file.

sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup

Once you have a backup copy of configuration file, you can start editing original file using your preferred text editor. Some important configuration options are −

• Port − This option sets port number on which OpenSSH will listen for incoming connections. default port number is 22, but it's a good practice to change it to a different number for security reasons.

• PermitRootLogin − This option specifies whether root user is allowed to log in via SSH. It is recommended to set this option to no and create a separate user account with administrative privileges.

• PasswordAuthentication − This option specifies whether password-based authentication is allowed. It is recommended to set this option to no and use public key authentication instead.

• PubkeyAuthentication − This option specifies whether public key authentication is allowed. It is recommended to set this option to yes.

Once you have edited configuration file, save changes and exit editor. Then, restart OpenSSH server to apply new configuration.

sudo systemctl restart sshd

Step 4: Creating SSH keys

To use public key authentication with OpenSSH, you need to generate a pair of SSH keys on your local machine. You can generate keys using ssh-keygen command.

ssh-keygen -t rsa -b 4096

This command will generate a pair of RSA keys with a key length of 4096 bits. keys will be stored in ~/.ssh directory.

Step 5: Copying Public key to Server

After generating SSH keys, you need to copy public key to remote server. You can use ssh-copy-id command to copy public key to server.

ssh-copy-id username@server-ip-address

Replace username and server-ip-address with your remote server's username and IP address. command will prompt you to enter your remote server's password. After entering password, command will copy your public key to remote server's authorized_keys file.

Step 6: Logging in with SSH keys

After copying the public key to server, you can log in to remote server using public key authentication. To do this, use ssh command with -i option to specify location of your private key file.

ssh -i ~/.ssh/id_rsa username@server-ip-address

Replace username and server-ip-address with your remote server's username and IP address. ssh command will use your private key to authenticate connection, and you will be logged in to remote server without entering a password.

Step 7: Troubleshooting

If you encounter any issues while installing or configuring OpenSSH, there are a few things you can check to resolve problem.

Check OpenSSH logs: OpenSSH logs are stored in /var/log/auth.log file. You can use tail command to view last few lines of log file.

sudo tail -f /var/log/auth.log

• Check firewall settings − If you are unable to connect to OpenSSH server, check your firewall settings to make sure that port 22 (or custom port you specified) is open.

• Check SELinux settings − If you are using a Linux distribution with SELinux enabled, you may need to modify SELinux settings to allow OpenSSH to run properly.

In addition to basic configuration options discussed in this article, OpenSSH provides a wide range of advanced options that can be customized to meet your specific needs. Here are a few examples of some useful OpenSSH configuration options −

• AllowUsers − This option specifies a list of users who are allowed to log in via SSH. All other users will be denied access. This is useful if you want to restrict SSH access to a specific group of users.

• ClientAliveInterval − This option specifies time interval (in seconds) after which OpenSSH server will send a keep-alive message to client. This is useful if you are using a NAT or firewall that closes idle connections.

• Compression − This option specifies whether compression should be used for data transmitted over SSH connection. Enabling compression can improve performance on slow or high-latency connections.

• X11Forwarding − This option specifies whether X11 forwarding should be enabled. X11 forwarding allows graphical applications to be run on remote server and displayed on local machine.

• TCPKeepAlive − This option specifies whether TCP keep-alives should be used. TCP keep-alives are used to detect and close connections that have become stale or deadlocked.

To use these options, simply add them to /etc/ssh/sshd_config file, following same format as other configuration options.

OpenSSH also provides several tools and utilities for managing SSH connections and keys. Here are a few examples −

• ssh-add − This tool is used to add SSH keys to SSH agent. SSH agent is a program that stores private keys and provides a way to use them without entering a password each time.

• ssh-keyscan − This utility is used to retrieve SSH public keys from remote servers. This is useful if you want to add a server's public key to your known_hosts file.

• ssh-copy-id − This tool is used to copy your SSH public key to a remote server's authorized_keys file. This is a convenient way to set up public key authentication.

It's worth noting that while OpenSSH is generally considered a secure and reliable way to manage remote servers, it's still important to take additional security measures to protect your systems. Here are a few best practices for securing your OpenSSH server −

• Use strong passwords − If you do need to use password authentication for SSH, make sure to use strong passwords that are difficult to guess. Avoid using common words or phrases, and use a mix of uppercase and lowercase letters, numbers, and symbols.

• Use public key authentication − Public key authentication is generally considered more secure than password authentication because it doesn't rely on a shared secret that can be guessed or intercepted. Make sure to generate strong, unique key pairs for each user, and store private keys securely on client machines.

• Limit SSH access − Limiting SSH access to a specific group of users or IP addresses can help reduce risk of unauthorized access. You can use AllowUsers and AllowGroups options in sshd_config file to restrict access, and you can use firewall rules to limit access to specific IP addresses.

• Use two-factor authentication − Two-factor authentication adds an extra layer of security to your SSH connections by requiring a second factor, such as a hardware token or mobile app, in addition to a password or key pair.

• Keep your OpenSSH software up to date − Like any software, OpenSSH can have vulnerabilities that can be exploited by attackers. Make sure to keep your OpenSSH software up to date with latest security patches to reduce risk of attacks.

By following these best practices, you can help ensure security and reliability of your OpenSSH connections and protect your systems from unauthorized access and attacks.

Conclusion

OpenSSH is a powerful and essential tool for managing remote Linux servers. By following steps outlined in this article, you should be able to install and configure OpenSSH on your Linux machine and use it to securely manage your remote servers. Remember to keep your OpenSSH configuration secure by following best practices, such as disabling password authentication and using public key authentication.