How do I install and configure ssh server and client under CentOS Linux operating systems?
You need to install the following packages (they are installed by default unless you removed them or skipped them while installing CentOS):
- openssh-clients : The OpenSSH client applications
- openssh-server : The OpenSSH server daemon
OpenSSH Installations under CentOS Linux
To install the server and client type:
# yum -y install openssh-server openssh-clients
Start the service:
# chkconfig sshd on
# service sshd start
Make sure sshd is listening on port 22 (the output should show an sshd line in the LISTEN state):
# netstat -tulpn | grep :22
Firewall Settings
Edit /etc/sysconfig/iptables (IPv4 firewall):
# vi /etc/sysconfig/iptables
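Add the following line among the RH-Firewall-1-INPUT rules, above the final REJECT rule and above the COMMIT line: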
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
If you want to restrict access to 192.168.1.0/24, edit it as follows:
-A RH-Firewall-1-INPUT -s 192.168.1.0/24 -m state --state NEW -p tcp --dport 22 -j ACCEPT
If your site uses IPv6, and you are editing ip6tables, use the line:
-A RH-Firewall-1-INPUT -m tcp -p tcp --dport 22 -j ACCEPT
Save and close the file. Restart iptables:
# service iptables restart
OpenSSH Server Configuration
Edit /etc/ssh/sshd_config, enter:
# vi /etc/ssh/sshd_config
To disable root logins, edit or add as follows:
PermitRootLogin no
Restrict ssh logins to the users tom and jerry only:
AllowUsers tom jerry
Change the ssh port, i.e. run sshd on a non-standard port such as 1235 (the firewall rule above must then open port 1235 instead of 22):
Port 1235
Save and close the file. Restart sshd:
# service sshd restart
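The following script is an added example, not part of the original article: it reads an sshd_config and an iptables rules file and reports when the settings above are missing or when the port sshd listens on has no ACCEPT rule ahead of the REJECT rule. The function names and both sample files are constructed for illustration.

```shell
# Added example; sample files are constructed. Function names are hypothetical.

# Print every port sshd would listen on (Port may repeat; default is 22).
sshd_ports() {
    awk 'tolower($1) == "port" { print $2; n++ } END { if (!n) print 22 }' "$1"
}

# Print the first value of keyword $2 (sshd uses the first value it reads).
sshd_value() {
    awk -v k="$2" 'tolower($1) == tolower(k) { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# Succeed only if an ACCEPT rule for tcp port $2 appears before the first
# REJECT/DROP rule and before COMMIT in file $1 (simplified: one chain).
fw_allows_port() {
    awk -v p="$2" '
        /^COMMIT/ || /-j (REJECT|DROP)/ { exit }
        /^-A / && /-j ACCEPT/ && $0 ~ ("--dport " p "( |$)") { ok = 1; exit }
        END { exit !ok }' "$1"
}

# Print findings for sshd_config $1 and iptables file $2; return their count.
audit() {
    bad=0
    [ "$(sshd_value "$1" PermitRootLogin)" = no ] ||
        { echo "PermitRootLogin is not 'no'"; bad=$((bad + 1)); }
    [ -n "$(sshd_value "$1" AllowUsers)" ] ||
        { echo "no AllowUsers list"; bad=$((bad + 1)); }
    for p in $(sshd_ports "$1"); do
        fw_allows_port "$2" "$p" ||
            { echo "sshd port $p has no ACCEPT rule"; bad=$((bad + 1)); }
    done
    return "$bad"
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/sshd_config" <<'EOF'
#Port 22
Port 1235
PermitRootLogin no
AllowUsers tom jerry
EOF
cat > "$tmp/iptables" <<'EOF'
:RH-Firewall-1-INPUT - [0:0]
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
audit "$tmp/sshd_config" "$tmp/iptables" || echo "findings: $?"
```

On a real host, pass /etc/ssh/sshd_config and /etc/sysconfig/iptables to audit before restarting either service; sshd -t additionally checks the configuration file for syntax errors.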
3 comments
THANKS A MILLION, MAY GOD BLEEEEEEEEEESSSSSSSSSSSSSSSSSSSS YOU.
YOU JUST SAVED MY LIFE.
MY HOSTING SERVER’S SSH WAS UNINSTALLED BY MISTAKE AND YOU JUST MADE THE SOLUTION CHEAP
THANKS AGAIN
Thanks very much for this info.
This is very helpful.
God bless you guys.
There are a couple/few things I don’t get…
e.g. for
Make sure port 22 is opened:
# netstat -tulpn | grep :22
What are we *supposed* to see if port 22 *is* opened?
And for
Add the line
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
add it *where*???
In the :INPUT ACCEPT section?
in the :OUTPUT ACCEPT section?
after :COMMIT?
No matter which line I put it on, when I restart the iptables service I get a red [FAILED] message for that line#.
And then you change the SSH port to 1235 but don’t revisit iptables?
What am I missing here?
:-)