How to Install Enable OpenSSH on CentOS 7

If you're looking to enable OpenSSH on CentOS 7, you've come to the right place. In this article, we'll take a look at the steps you need to follow to install and enable OpenSSH on your CentOS 7 machine. We'll also explore the benefits of using OpenSSH and how to configure it securely.

What is OpenSSH?

OpenSSH is a secure shell protocol used to establish a secure connection between two computers over a network. It's an open-source version of the Secure Shell (SSH) protocol, which is widely used to provide secure remote access to servers and other network devices.

OpenSSH provides a secure way to access a remote computer by encrypting all data that is transmitted between the client and server. This means that all communications between the client and server are private and cannot be intercepted by a third party.

Why Use OpenSSH?

Using OpenSSH has several benefits, including

• Security OpenSSH uses strong encryption algorithms to protect your data.

• Remote Access OpenSSH allows you to access your remote servers securely.

• Portability OpenSSH is available on a wide range of operating systems, making it a versatile tool.

• Authentication OpenSSH provides multiple authentication methods to ensure secure access to your remote servers.

Installing OpenSSH on CentOS 7

Before we can enable OpenSSH on CentOS 7, we need to install it. Here's how

Step 1: Update the System

Before installing OpenSSH, we need to update our system to make sure we have the latest packages and security updates. To do this, open a terminal and enter the following command

sudo yum update

This command will update all packages on your system to their latest version.

Step 2: Install OpenSSH

Once the system is updated, we can proceed with the installation of OpenSSH. To install OpenSSH, enter the following command

sudo yum install openssh-server

This command will install the OpenSSH server on your system.

Step 3: Start the OpenSSH Service

Now that OpenSSH is installed, we need to start the OpenSSH service so that it can accept incoming connections. To start the OpenSSH service, enter the following command

sudo systemctl start sshd

This command will start the OpenSSH service on your system.

Step 4: Enable OpenSSH

Finally, we need to enable OpenSSH so that it starts automatically every time we boot our system. To do this, enter the following command

sudo systemctl enable sshd

This command will enable the OpenSSH service on your system.

Configuring OpenSSH

Now that OpenSSH is installed and enabled, we can configure it to suit our needs. Here are key configuration options you should consider

Changing the Default Port

By default, OpenSSH listens on port 22. However, it's a good idea to change this to a different port to increase security. To do this, open the SSH configuration file

sudo vi /etc/ssh/sshd_config

Find the line that says #Port 22 and change it to your desired port. For example, if you want to change it to port 2222, you would enter

Port 2222

Save the file and restart the SSH service

sudo systemctl restart sshd

Disabling Password Authentication

Another way to increase security is to disable password authentication and use public key authentication instead. To do this, open the SSH configuration file

sudo vi /etc/ssh/sshd_config

Find the line that says #PasswordAuthentication yes and change it to PasswordAuthentication no. Then, find the line that says #PubkeyAuthentication yes and uncomment it by removing the # symbol. Save the file and restart the SSH service

sudo systemctl restart sshd

Now, you'll need to generate an SSH key pair and add the public key to your server. This can be done using the ssh-keygen command on your local machine.

Restricting SSH Access

You may want to restrict SSH access to certain users or IP addresses. To do this, you can use the AllowUsers, DenyUsers, AllowGroups, and DenyGroups options in the SSH configuration file. For example, to allow access only to a user named jdoe, add the following line

AllowUsers jdoe

To deny access to a user named jsmith, add the following line

DenyUsers jsmith

You can also allow or deny access based on IP addresses. For example, to allow access only from a specific IP address

Match Address 192.168.1.100
    AllowUsers jdoe

This will only allow the user jdoe to access the server from the IP address 192.168.1.100.

Security Best Practices

Disable Root Login

By default, OpenSSH allows root login via SSH. However, it's best practice to disable this and use a regular user account instead. To disable root login, open the SSH configuration file and find the line that says PermitRootLogin yes. Change it to PermitRootLogin no, then restart the SSH service.

Limit Failed Login Attempts

OpenSSH provides an option to limit the number of failed login attempts before blocking an IP address. This helps prevent brute-force attacks. To set this up, open the SSH configuration file and add the following line

MaxAuthTries 3

This will limit the number of failed login attempts to 3 before blocking the IP address.

Use SSH Keys with Passphrases

If you decide to use SSH keys for authentication, it's a good idea to add a passphrase to your key. A passphrase is a secret phrase or sentence that is used to encrypt your SSH key. This adds an extra layer of security to your key and makes it much harder for attackers to use your key to gain unauthorized access to your server.

Configure Firewall Rules

To further enhance security, you can use firewall rules to restrict access to your system. For example, you can use the firewalld service to block incoming connections to your SSH port from all IP addresses except those you explicitly allow.

Monitoring and Maintenance

Monitor SSH Logs

Monitoring SSH logs can help you detect suspicious activity and potential security breaches. You can use tools like journalctl or grep to search for failed login attempts, unusual login patterns, and other indicators of malicious activity.

Keep System Updated

It's important to keep OpenSSH up-to-date with the latest security patches and updates. CentOS 7 provides regular updates through the yum package manager, so make sure to run sudo yum update regularly to keep your system secure.

Conclusion

Enabling OpenSSH on CentOS 7 is a straightforward process that provides secure remote access to your server. By following the installation steps and implementing proper security configurations, you can create a robust and secure SSH environment. Remember to regularly update your system, monitor access logs, and follow security best practices to maintain a secure server environment.