Setting up SSH on Linux for secure communications is a great way to ensure your remote connections are encrypted and protected from eavesdropping. Here’s a friendly guide to get you started:
1. Installation:
Most Linux distributions come with OpenSSH server and client pre-installed. If it’s not installed, you can easily install it using your package manager. Here’s how:
For Debian/Ubuntu:
sudo apt update
sudo apt install openssh-server
For CentOS/Fedora:
sudo yum install openssh-server
For Arch Linux:
sudo pacman -S openssh
2. Starting the SSH Service:
For systems using systemd (most modern distributions; on Debian/Ubuntu the unit is named ssh rather than sshd):
sudo systemctl start sshd
sudo systemctl enable sshd
For systems using init.d:
sudo service ssh start
3. Configuring SSH:
The main configuration file for SSH is located at /etc/ssh/sshd_config. Before making any changes, it’s good practice to back up the original file:
sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
Now, edit the configuration:
sudo nano /etc/ssh/sshd_config
Here are some basic configurations you might consider:
- Change the default port: Though not a definitive security measure, changing the default port (22) can deter some automated attacks.
Port 2222
- Disable root login: Preventing the root user from logging in can prevent potential attackers from gaining superuser access.
PermitRootLogin no
- Allow only certain users: If you know exactly who needs SSH access, specify them.
AllowUsers {username1} {username2}
Save and close the file after making your desired changes.
4. Restart SSH Service:
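After making any changes to the configuration file, restart the SSH service so they take effect. Keep your current session open until a new connection succeeds (step 7), because a mistake in the file or a port that the firewall still blocks (step 6) can lock you out: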
sudo systemctl restart sshd
5. Setting up SSH Key Authentication (optional, but recommended):
Using SSH keys instead of passwords is more secure and convenient.
- On the client side, generate a pair of SSH keys:
ssh-keygen
- Copy the public key to the server:
ssh-copy-id -p 2222 username@your_server_ip
Note: Replace 2222 with the port you set earlier.
6. Firewall Settings:
Ensure that your firewall allows SSH connections. If you’re using ufw on Ubuntu, for example:
sudo ufw allow 2222/tcp
sudo ufw reload
Replace 2222 with your SSH port if different.
7. Test Your Setup:
From a client machine, try connecting to your SSH server:
ssh username@your_server_ip -p 2222
Remember to replace username, your_server_ip, and 2222 with your actual username, server IP address, and port number.
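To confirm that the settings from steps 3 and 4 are really in effect, the added example below (not part of the original guide) checks the output of sshd -T, which prints the effective configuration with lowercase keywords. sshd keeps the first value it reads for each keyword, so a file pulled in by an Include line near the top of sshd_config can override an edit made further down. The function name audit_sshd and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. On a server, run:
#   sudo sshd -t && sudo sshd -T | audit_sshd 2222
# sshd -t checks syntax; sshd -T prints the effective settings.

# audit_sshd PORT: read `sshd -T` output on stdin, return the number of findings.
audit_sshd() {
    awk -v want_port="$1" '
        $1 == "port"            { ports[$2] = 1 }
        $1 == "permitrootlogin" { root = $2 }
        $1 == "allowusers"      { for (i = 2; i <= NF; i++) users = users " " $i }
        END {
            bad = 0
            if (!(want_port in ports)) {
                print "FAIL: sshd is not configured to listen on port " want_port; bad++
            }
            if (root != "no") {
                print "FAIL: permitrootlogin is [" root "], expected no"; bad++
            }
            if (users == "") {
                print "FAIL: no allowusers restriction in effect"; bad++
            } else {
                print "OK: allowusers =" users
            }
            exit bad
        }'
}

# Constructed sample: the guide's settings took effect.
sample_hardened() {
    printf '%s\n' 'port 2222' 'permitrootlogin no' \
        'allowusers alice' 'allowusers bob' 'passwordauthentication yes'
}

# Constructed sample: an earlier Include drop-in won, so the edits were ignored.
sample_overridden() {
    printf '%s\n' 'port 22' 'permitrootlogin prohibit-password' \
        'passwordauthentication yes'
}

sample_hardened | audit_sshd 2222 && echo "hardened sample: no findings"
sample_overridden | audit_sshd 2222 || echo "overridden sample: $? finding(s)"
```

Run the real check before restarting sshd, from the session you already have open, so a failed check costs nothing.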
And that’s it! 🎉 You’ve set up SSH on your Linux machine for secure communications. Always remember to keep your software updated, monitor logs occasionally, and follow best security practices to ensure the safety of your server. Safe travels in the Linux world!