CentOS SSH Installation And Configuration

by Vivek Gite on March 14, 2009 · 3 comments

How do I install and configure ssh server and client under CentOS Linux operating systems?

You need to install the following packages (they are installed by default unless you removed them or skipped them while installing CentOS):

  • openssh-clients : The OpenSSH client applications
  • openssh-server : The OpenSSH server daemon

OpenSSH Installations under CentOS Linux

To install the server and client type:
# yum -y install openssh-server openssh-clients
Start the service:
# chkconfig sshd on
# service sshd start

Make sure sshd is listening on port 22 (you should see a LISTEN line for sshd):
# netstat -tulpn | grep :22

Firewall Settings

Edit /etc/sysconfig/iptables (IPv4 firewall),
# vi /etc/sysconfig/iptables
Add the line below to the RH-Firewall-1-INPUT chain, above the chain's final REJECT rule and above COMMIT:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
If you want to restrict access to 192.168.1.0/24, edit it as follows:
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT
If your site uses IPv6, and you are editing ip6tables, use the line:
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT
Save and close the file. Restart iptables:
# service iptables restart

OpenSSH Server Configuration

Edit /etc/ssh/sshd_config, enter:
# vi /etc/ssh/sshd_config
To disable root logins, edit or add as follows:
PermitRootLogin no
Restrict ssh logins to users tom and jerry only:
AllowUsers tom jerry
To change the ssh port, i.e. run it on a non-standard port such as 1235 (open the same port in the firewall rules above instead of 22):
Port 1235
Save and close the file. Restart sshd:
# service sshd restart
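
The following check is an added example, not part of the original article: it compares the sshd_config settings above with the iptables rules file and reports when the sshd port has no ACCEPT rule ahead of the REJECT rule. The function names (sshd_opt, fw_allows_port, audit_ssh, demo) are hypothetical and the sample files are constructed.

```shell
# Added example: cross-check sshd_config against the iptables rules file.
# File paths are arguments, so the check can be tried on copies first.

# Print the first value of KEYWORD (sshd uses the first occurrence and
# ignores keyword case). Match blocks are not handled.
sshd_opt() {  # usage: sshd_opt FILE KEYWORD DEFAULT
    awk -v key="$2" -v def="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == tolower(key) { $1 = ""; sub(/^ +/, ""); print; found = 1; exit }
        END { if (!found) print def }' "$1"
}

# Succeed only if an ACCEPT rule for --dport PORT is appended to the
# RH-Firewall-1-INPUT chain before that chain's first REJECT rule.
fw_allows_port() {  # usage: fw_allows_port RULES_FILE PORT
    awk -v port="$2" '
        $1 != "-A" || $2 != "RH-Firewall-1-INPUT" { next }
        / -j REJECT/ { exit }
        / -j ACCEPT/ && $0 ~ ("--dport " port "( |$)") { ok = 1; exit }
        END { exit !ok }' "$1"
}

# Print each finding; the return status is the number of findings.
audit_ssh() {  # usage: audit_ssh SSHD_CONFIG RULES_FILE
    issues=0
    port=$(sshd_opt "$1" Port 22)
    [ "$(sshd_opt "$1" PermitRootLogin unset)" = "no" ] ||
        { echo "WARN: PermitRootLogin is not 'no'"; issues=$((issues + 1)); }
    [ -n "$(sshd_opt "$1" AllowUsers "")" ] ||
        { echo "WARN: no AllowUsers restriction"; issues=$((issues + 1)); }
    fw_allows_port "$2" "$port" ||
        { echo "FAIL: no ACCEPT rule for sshd port $port before REJECT"; issues=$((issues + 1)); }
    return "$issues"
}

# Constructed sample: the article's sshd settings with the firewall still
# opening port 22 only, so the port 1235 listener is unreachable.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'PermitRootLogin no' 'AllowUsers tom jerry' 'Port 1235' > "$d/sshd_config"
    printf '%s\n' '*filter' ':RH-Firewall-1-INPUT - [0:0]' \
        '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT' \
        '-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited' \
        'COMMIT' > "$d/iptables"
    rc=0; audit_ssh "$d/sshd_config" "$d/iptables" || rc=$?
    rm -rf "$d"; return "$rc"
}
demo || true   # prints the FAIL finding for the constructed sample
```

On a real host, run audit_ssh /etc/ssh/sshd_config /etc/sysconfig/iptables before restarting sshd on a new port, so a mismatch does not lock you out of a remote server.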


1 Oyewumi Abayomi January 22, 2011

THANKS A MILLION, MAY GOD BLEEEEEEEEEESSSSSSSSSSSSSSSSSSSS YOU.
YOU JUST SAVED MY LIFE.

MY HOSTING SERVER’S SSH WAS UNINSTALLED BY MISTAKE AND YOU JUST MADE THE SOLUTION CHEAP

THANKS AGAIN


2 Abraham October 6, 2011

Thanks very much for this info.
This is very helpful.

God bless you guys.


3 Darr247 December 18, 2011

There are a couple/few things I don’t get…
e.g. for

Make sure port 22 is opened:
# netstat -tulpn | grep :22

What are we *supposed* to see if port 22 *is* opened?

And for

Add the line
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

add it *where*???
In the :INPUT ACCEPT section?
in the :OUTPUT ACCEPT section?
after :COMMIT?

No matter which line I put it on, when I restart the iptables service I get a red [FAILED] message for that line#.

And then you change the SSH port to 1235 but don’t revisit iptables?

What am I missing here?

:-)
