CentOS SSH Installation And Configuration

by on March 14, 2009 · 13 comments· LAST UPDATED March 14, 2010

How do I install and configure ssh server and client under CentOS Linux operating systems?

You need to install the following packages (they are installed by default unless you removed them or skipped them while installing CentOS):

  • openssh-clients : The OpenSSH client applications
  • openssh-server : The OpenSSH server daemon

OpenSSH Installations under CentOS Linux

To install the server and client type:
# yum -y install openssh-server openssh-clients
Start the service:
# chkconfig sshd on
# service sshd start

Make sure port 22 is opened:
# netstat -tulpn | grep :22

Firewall Settings

Edit /etc/sysconfig/iptables (IPv4 firewall):
# vi /etc/sysconfig/iptables
Add the line
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
If you want to restrict access to 192.168.1.0/24, edit it as follows:
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT
If your site uses IPv6, and you are editing ip6tables, use the line:
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT
Save and close the file. Restart iptables:
# service iptables restart

OpenSSH Server Configuration

Edit /etc/ssh/sshd_config, enter:
# vi /etc/ssh/sshd_config
To disable root logins, edit or add as follows:
PermitRootLogin no
Restrict ssh logins to the users tom and jerry only:
AllowUsers tom jerry
Change the ssh port, i.e. run it on a non-standard port such as 1235:
Port 1235
Save and close the file. Restart sshd:
# service sshd restart
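
The sshd Port setting and the firewall rule have to agree, and iptables-restore rejects a rule that is appended to a chain the rules file does not declare or that is placed after COMMIT. The script below is an added example, not part of the original FAQ: the function names are hypothetical, it reads only the first Port directive, and the sample files are constructed.

```shell
#!/bin/bash
# Added example: cross-check the firewall rules file against sshd_config.
# Function names are hypothetical; paths are arguments, so edited copies
# can be checked before any service is restarted.

# Print the port sshd will use: first Port directive, default 22.
sshd_port() {
    awk 'tolower($1) == "port" { print $2; found = 1; exit }
         END { if (!found) print 22 }' "$1"
}

# check_ssh_firewall SSHD_CONFIG IPTABLES_FILE
# Returns 0 only if an ACCEPT rule for the sshd port exists in a chain
# the file declares (":NAME ..." line) and sits before COMMIT.
check_ssh_firewall() {
    port=$(sshd_port "$1")
    awk -v port="$port" '
        /^:/      { chain[substr($1, 2)] = 1 }
        /^COMMIT/ { committed = 1 }
        $1 == "-A" && /-j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if ($i == "--dport" && $(i + 1) == port) {
                    if (committed)       { print "line " NR ": rule is after COMMIT"; bad = 1 }
                    else if (!chain[$2]) { print "line " NR ": chain " $2 " is not declared"; bad = 1 }
                    else ok = 1
                }
        }
        END {
            if (!ok && !bad) { print "no ACCEPT rule for tcp port " port; bad = 1 }
            if (ok && !bad)  print "port " port " allowed"
            exit bad + 0
        }' "$2"
}

# Constructed sample: sshd moved to port 1235, rule appended to a chain
# that this rules file never declares.
demo() {
    d=$(mktemp -d)
    printf 'PermitRootLogin no\nPort 1235\n' > "$d/sshd_config"
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' \
        '-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 1235 -j ACCEPT' \
        'COMMIT' > "$d/iptables"
    check_ssh_firewall "$d/sshd_config" "$d/iptables" || echo "fix before restarting"
    rm -rf "$d"
}
demo
```

Run it against the edited copies of both files before restarting either service; sshd -t additionally checks the sshd_config syntax.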


{ 13 comments… read them below or add one }

1 Oyewumi Abayomi January 22, 2011 at 6:47 am

THANKS A MILLION, MAY GOD BLEEEEEEEEEESSSSSSSSSSSSSSSSSSSS YOU.
YOU JUST SAVED MY LIFE.

MY HOSTING SERVER’S SSH WAS UNINSTALLED BY MISTAKE AND YOU JUST MADE THE SOLUTION CHEAP

THANKS AGAIN

Reply

2 Abraham October 6, 2011 at 6:29 pm

Thanks very much for this info.
This is very helpful.

God bless you guys.

Reply

3 Darr247 December 18, 2011 at 5:38 am

There are a couple/few things I don’t get…
e.g. for

Make sure port 22 is opened:
# netstat -tulpn | grep :22

What are we *supposed* to see if port 22 *is* opened?

And for

Add the line
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

add it *where*???
In the :INPUT ACCEPT section?
in the :OUTPUT ACCEPT section?
after :COMMIT?

No matter which line I put it on, when I restart the iptables service I get a red [FAILED] message for that line#.

And then you change the SSH port to 1235 but don’t revisit iptables?

What am I missing here?

:-)

Reply

4 Boymix81 February 28, 2012 at 9:20 pm

Thanks a lot!

Only change :

-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT

TO

-A INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT

Reply

5 kuldeep thakur March 15, 2012 at 7:49 am

Thanks a ton, this info is really very helpful for me.

Peace,
Kuldeep

Reply

6 Darr247 March 15, 2012 at 11:15 pm

So,
Make sure port 22 is opened:
# netstat -tulpn | grep :22

What are we *supposed* to see if port 22 *is* open?

Thanks.

Reply

7 Paul Cupis April 22, 2012 at 7:29 pm

If sshd is running, you would expect to see something like:

# netstat -plunt | grep :22
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 70813/sshd
tcp 0 0 :::22 :::* LISTEN 70813/sshd
#

If you do not get any output where the IP/port part ends in :22, then you have nothing listening on port 22 (the standard ssh port).

Regards,

Reply

8 BRAVE-MAN99 June 21, 2012 at 3:07 pm

God bless you.
Simple way & perfect results.

Reply

9 rkrara October 7, 2012 at 11:02 am

Hi,
Something is wrong.
Please help resolve it.
The line 13 is this:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Now when I restart iptables I get this error.

# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: iptables-restore: line 13 failed [FAILED]

Reply

10 pheng November 14, 2012 at 2:18 pm

change like this it will work…

-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

Reply

11 kyferez January 26, 2013 at 6:04 pm

You missed something important: If you alter SSH Port, your iptables line --dport needs to be the same as the port you specified, not 22!

So, if you set: Port 234, then your IP tables entry would be this:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 234 -j ACCEPT

To verify your PROPER port is open, the command also needs to reflect the port you altered: netstat -tulpn | grep :234

Your results should look like this:
tcp 0 0 0.0.0.0:234 0.0.0.0:* LISTEN 26873/sshd
tcp 0 0 :::234 :::* LISTEN 26873/sshd

The author should not have suggested changing the port without explaining that the commands and IPTables entries would necessitate being altered as well.

Reply

12 Kenny March 27, 2013 at 4:30 pm

I should have read this comment about 30 minutes ago… lol I was however, able to figure it out on my own. I guess that’s a good thing. :o)

Reply

13 Sagetbh June 6, 2013 at 10:37 am

Thank you so MUCH!
This actually worked.
You are a blessing!

Reply
