{"id":7693,"date":"2021-06-28T03:06:53","date_gmt":"2021-06-28T03:06:53","guid":{"rendered":"https:\/\/linuxways.net\/?p=7693"},"modified":"2021-06-28T03:06:53","modified_gmt":"2021-06-28T03:06:53","slug":"how-to-enable-ssh-on-centos","status":"publish","type":"post","link":"https:\/\/linuxways.net\/de\/centos\/how-to-enable-ssh-on-centos\/","title":{"rendered":"How to Enable SSH on CentOS"},"content":{"rendered":"

SSH is a widely used protocol used mostly by system administrators to securely login to remote servers. It allows them the command-line access to work on the remote system as if they are sitting right at the server. In this post, we will describe how you can enable SSH on the CentOS system and connect to it using an SSH client. We will also describe how to configure the SSH server.<\/p>\n

For Ubuntu OS, visit this post for how to enable SSH on Ubuntu<\/a>.<\/p>\n

Note<\/strong>: We have demonstrated the procedure on CentOS 8 <\/strong>machine.<\/strong><\/p>\n

Step 1: Installing OpenSSH Server<\/h2>\n

First, you will have to install an OpenSSH server on the machine you want to remotely access via SSH. Use the command below to install the OpenSSH server on your CentOS machine:<\/p>\n

$ sudo dnf install openssh-server<\/pre>\n
Enter sudo password and then you will see the installation started. Press y<\/strong> if prompted for confirmation.<\/p>\n
<\/p>\n
This should install the OpenSSH server on your system.<\/p>\n
Step 2: Start SSH Daemon and Verify Status<\/h2>\n
Now that SSH has been installed, you can start its service. Use the command below to start SSH daemon:<\/p>\n
$ sudo systemctl start ssh<\/pre>\n
Then to verify if the SSH daemon has started, use the command below:<\/p>\n
$ sudo systemctl status sshd<\/pre>\n
<\/p>\n
Step 3: Allow SSH through Firewall<\/h2>\n
If the firewall is enabled on your CentOS system, it will block the incoming SSH traffic. To permit incoming SSH traffic, you will need to add a rule in the firewall. The default port used by SSH is 22. So the rule should open port 22.<\/p>\n
Use the command below to allow incoming SSH traffic on port 22:<\/p>\n
$ sudo firewall-cmd --permanent --add-port=22\/tcp<\/pre>\n
This command will add a rule in your firewall that will allow traffic on port 22. If you have configured SSH for a port other than 22, make sure to use that port in the firewall rule.<\/p>\n
Step 4: Test SSH access<\/h2>\n
To test if SSH is working and you can connect to it, open your client machine. This machine should have an SSH client. If you are using a CentOS client, you can install SSH client as follows:<\/p>\n
$ sudo dnf install openssh-clients<\/pre>\n
Here we are going to test it using our Ubuntu client machine.<\/p>\n
To connect to an SSH server, you will require an IP address and a username of the remote system:<\/p>\n
$ ssh remote_username@remote_ip_address<\/pre>\n
For instance, in our case, the IP address of the remote machine (where the SSH server is installed) was \u201c192.168.72.192\u201d and the username was \u201ckbuzdar\u201d, so we ran the command:<\/p>\n
$ ssh kbuzdar@192.168.72.192<\/a><\/pre>\n
Note<\/strong>: If you don\u2019t know how to find the IP address of a machine, visit this<\/a> post.<\/p>\n
After you have connected to the SSH server, it will ask you to enter the password. Enter the password and then you will be login to your remote system. Now you will also notice the Terminal prompt has been changed to reflect the remote system username and system name.<\/p>\n
<\/p>\n
Configuring SSH<\/h2>\n
The SSH configuration file is located at \/etc\/ssh\/sshd_config<\/strong>. This file contains different configuration options which you can change according to your needs. Here we will look at few common options that might need modifications e.g. changing the default SSH port and the listening address, disabling root login, configuring max sessions and password tries, etc.<\/p>\n
To configure or change any option, you will need to edit the sshd_config<\/strong> file:<\/p>\n
$ sudo nano \/etc\/ssh\/sshd_config<\/pre>\n
Remember, after changing any settings in the sshd_config<\/strong> file, make sure to reload the SSH server to implement the changes:<\/p>\n
$ sudo systemctl reload ssh<\/pre>\n
Changing SSH Port<\/h3>\n
The SSH by default uses port 22 for listening to incoming connections. If for any reason you want to change the SSH port, you can do so by editing the sshd_config<\/strong> file and searching for a line that says:<\/p>\n
# Port 22<\/pre>\n
Uncomment the line by removing the hash (#) and the replace 22<\/strong> with the port number you want to set for SSH.<\/p>\n
<\/h3>\n
Once done, save and close the sshd_config file.<\/p>\n
Changing Listening Address<\/h3>\n
By default, SSH listens on all local interfaces. To configure SSH to listen on only a specific network interface, edit the sshd_config<\/strong> file:<\/p>\n
$ sudo nano \/etc\/ssh\/sshd_config<\/pre>\n
Search for the line that says:<\/p>\n
#ListenAddress 0.0.0.0<\/pre>\n
Uncomment the above line and replace 0.0.0.0 with the local address on which you want SSH to listen on.<\/p>\n
<\/h3>\n
Once done, save and close the sshd_config file.<\/p>\n
Disable Root Login<\/h3>\n
By default, the root<\/strong> user is allowed to log in using SSH. This is controlled by the PermitRootLogin parameter in the sshd_config file which is by default \u201cyes\u201d which means root login is allowed.<\/p>\n
To disable root login, edit the sshd_config file:<\/p>\n
$ sudo nano \/etc\/ssh\/sshd_config<\/pre>\n
Look for the line that says:<\/p>\n
# <\/strong>PermitRootLogin no<\/pre>\n
Uncomment (if commented) the above line and replace \u201cno\u201d by \u201cyes\u201d to disable root login using SSH.<\/p>\n
<\/h3>\n
Once done, save and close the sshd_config file.<\/p>\n
Change Number of Allowed Sessions and Authentication Attempts<\/h3>\n
By default, the maximum number of sessions allowed per network connection is 10. It can be changed by the MaxSessions<\/strong> parameter in the sshd_config<\/strong> file. Similarly, the maximum number of authentication attempts for one login session is 6 which can be changed using the MaxAuthTries<\/strong> parameter.<\/p>\n
To change the number of sessions allowed per network connection, search for the line that says:<\/p>\n
# MaxSessions 10<\/pre>\n
Uncomment the above line and replace its value with your desired value.<\/p>\n
To change the number of authentication attempts allowed per login session, search for the line that says:<\/p>\n
# MaxAuthTries 6<\/pre>\n
Uncomment the above line and replace its value with your desired value.<\/p>\n
<\/strong><\/p>\n
Once done, save and close the sshd_config file.<\/p>\n
Change Grace Time<\/h3>\n
When you connect to the SSH server, it gives you 120 seconds (default time) to complete your authentication using a username and password. If you do not login during this time, the server drops the connection and you have to login again. You can set this time a little higher than it takes you to complete login or set it lower to prevent DoS attacks where multiple sessions are kept open for a long time.<\/p>\n
To change this time, search for the line that says:<\/p>\n
# LoginGraceTime 120<\/pre>\n
Uncomment the above line and replace its value with your desired time (in seconds). If you do not want to set any time limit, set it value to 0. <\/p>\n
Once done, save and close the sshd_config file.<\/p>\n
In this post, we covered how to enable SSH on a CentOS machine and connect to it using a client machine. We also looked at various configuration options for the SSH server. If you want to make your remote access secure, visit our post on 11 Best Ways to Secure Your SSH Server<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"
SSH is a widely used protocol used mostly by system administrators to securely login to remote servers. It allows them the command-line access to work on the remote…<\/p>","protected":false},"author":1,"featured_media":7831,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[93,21],"class_list":["post-7693","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-centos","tag-centos-8","tag-ssh"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/7693","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=7693"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/7693\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/7831"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=7693"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=7693"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=7693"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}