
Hi friends, today I am going to share SSH server configuration in Linux. It's a step-by-step guide, and I have also added some security tips related to the SSH server.

What is SSH?

 

SSH stands for Secure Shell.
"Secure" means that information sent over an ssh terminal is encrypted: ssh encrypts data before sending it over the network. SSH is a network protocol for secure data communication.

SSH in Rhel5, Rhel6

Rhel5/6 use a free version of SSH named OpenSSH. OpenSSH uses secure tunneling and several authentication methods, and encrypts data before sending it over an insecure network such as the Internet. The unsecured telnet protocol is completely replaced by SSH.

 

Important noteworthy points before configuring SSH server in Rhel5/Rhel6

 

>The sshd (secure shell daemon) service is used by the ssh server in Rhel5/6.

>On the command line we use the ssh (secure shell) command to execute various operations.

>SSH uses port 22 as its default port.

>To generate public/private keys we use the ssh-keygen utility.

>We need an SSH server system and an SSH client system to perform SSH in Rhel5, Rhel6.

>Today we are going to use the yum package management tool to install the SSH packages.

If you do not know how to install packages with yum, first read the tutorial below:

Read also: Configure yum server in Linux

 

>You have to configure the firewall to allow the ssh service. If you do not want to use firewall rules, simply flush them with the command below (this removes every rule, not only those that affect SSH):

 

#iptables -F

 

If you have configured a firewall on your Rhel5/Rhel6 system, simply allow SSH as shown below:

#iptables -A INPUT -p tcp --dport 22 -j ACCEPT

 

Important commands used in configuring the SSH server in Rhel5/Rhel6

 

#rpm -qa | grep ssh
#yum install openssh*
#service sshd restart
#chkconfig sshd on
#service sshd status
#ssh (ip-address of target pc)
#ssh user@(ip-address of user)

 

Configuration file of ssh server

 

To configure an SSH server you must know its configuration file. The configuration file of the SSH server is

/etc/ssh/sshd_config

The configuration file of the SSH client system is ==> /etc/ssh/ssh_config

< All entries related to SSH configuration should be made in this file >

 

Step by step tutorial on SSH server configuration on Rhel5/Rhel6.

 

Step 1

 

First of all check which packages are required for SSH server configuration.

 


 

Step 2

 

Now install all of the above packages using yum as shown below

 

#yum install openssh*

Here * indicates that all packages related to openssh will be installed.

 

Step 3

 

Now restart the SSH service. To add the SSH service to the startup scripts, use the chkconfig command, and finally, to view the status of ssh, use the service sshd status command.

 

Step 4

 

First of all, note down the IP address of the SSH server system.

 

Step 5

 

Now we need to add some users so that we can test our SSH server. So add a user as shown below.

#useradd sam
#passwd sam


 

So our user sam is created successfully.

 

Step 6

 

Now it's time to configure the SSH client system.

First of all, install all packages related to openssh on the Linux client system

#yum install openssh*

 


 

Here root@shankar is our SSH client system.

 

Now restart the ssh service and then use the chkconfig command to make the ssh service a permanent entry in the startup scripts.

 

Now it's time to do ssh. First ssh to the sam user on the SSH server system.

#ssh sam@ip-address
#ssh sam@192.168.1.104

Now we are logged in as user sam; to check this, use the who am i command.

 

Step 7

 

Now from the Linux client system try to ssh to root on the SSH server system.

#ssh root@ip-address of server
#ssh root@192.168.1.104

As you can see, we are now on root of the SSH server system. We have successfully tested SSH from the client system to the SSH server system, which means SSH is successfully configured on Rhel5/Rhel6.

 


SSH server security in Rhel5/Rhel6

 

How to give banner warning at the time of SSH login?

 

If you want to warn unauthorized users against using ssh on your system, you have the option to set a warning shown at SSH login. To do so, follow the steps below.

 

Step 1

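First, on the SSH server system, we have to edit the /etc/issue.net file to set the ssh warning. So first give all permissions to this file, as below. (Mode 777 makes the file writable by every local user; root can already edit it with its default permissions.)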

#chmod     777     /etc/issue.net

 

Open the /etc/issue.net file with the vim editor.

#vim  /etc/issue.net

 

Step 2

 

Now press I to enter insert mode and write the line below

warning : do not enter into my PC

Now save this file with Esc, then :wq

 

Step 4

 

Now go to the SSH configuration file; in the last line you will find a Banner directive. In this line, change the banner path to /etc/issue.net, the file edited above.

 

Step 5

 

Now save the configuration file and restart the ssh service.

#service  sshd  restart

 

Step 6

 

Now ssh from the Linux client system to the sam user of the server system

#ssh sam@192.168.1.104

 

Now you will get a warning before SSH login.

 

How to change SSH port?

 

As we know, the default port for SSH is 22, but to make SSH more secure we can change its port to some other value, e.g. 3434.

 

Steps to change SSH port ==>

 

Step 1

 

First of all, on the SSH server system, open the SSH configuration file.

#vim  /etc/ssh/sshd_config

 

Step 2

 

Now in the SSH configuration file you will find the following directive ==> #Port 22

First remove the # sign and then change its value from 22 to 3434

Port 3434

 

Step 3

 

Now save the file by pressing Esc, typing :wq and pressing Enter

 

Step 4

 

Whenever you modify the SSH configuration file you have to restart the SSH service, so simply restart it. If your firewall only allows port 22, allow the new port there as well.

 

#service sshd restart

 

Step 5

 

Now go to the Linux client system and ssh with the default port and with the modified port (the -p option of ssh selects the port).

Now you see that the client system is unable to log in using the default port, but it can log in easily when using the modified port.

 

How to permit root login on SSH server?

 

By default root login is disabled on the SSH server. We have to turn it on manually by modifying the SSH configuration file.

To permit root login, simply go to the SSH configuration file and uncomment (remove the # sign from) the following directive.

#PermitRootLogin yes (just remove # sign)

Now simply save the file and restart the ssh service =>

#service sshd restart

 

How to enable password authentication for local users?

 

Simply go to the SSH configuration file and uncomment the following directive.

#PasswordAuthentication yes

Simply remove the # sign, save the file and restart the ssh service.

#service sshd restart

 

How to limit the users to get access to a system via SSH?

 

This is an additional SSH security measure. By default you will not find a directive for it in the SSH configuration file, so you have to add an extra directive to enable it.

First of all go to the SSH configuration file.
Now add an additional directive ==>

AllowUsers  sam  peter
or
AllowUsers  sam@192.168.1.104  peter@192.168.1.104

Now simply save the file and restart the ssh service.

 

How to restrict or deny a user to get access to a system via SSH ?

 

To deny a user ssh access to a system we have to add an additional directive to the SSH configuration file.

Go to the SSH configuration file and add the following directive ==>

DenyUsers  sam

 

Save the file and restart the ssh service ==>

#service sshd restart

 

Now let's test whether access for the sam user is restricted ==>

Go to the Linux client system and try to ssh to the sam user.

#ssh sam@192.168.1.104

Now you will see that the client system is not able to log in to the sam user of the Linux server system.
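The AllowUsers and DenyUsers rules from the two sections above can be checked before sshd is restarted. The following is an added example, not code from the original tutorial, that parses a constructed sshd_config and decides whether a user connecting from a given address would be admitted. It assumes the documented sshd_config rules (commented lines are inactive, the first value of a keyword wins, DenyUsers is processed before AllowUsers) and matches the host part only against the client IP address; the names SAMPLE_SSHD_CONFIG, parse_sshd_config and login_permitted are made up for this example.

```python
import re

# Constructed sample (not the tutorial server's real file). It uses the
# directives edited above, plus a late duplicate PermitRootLogin line.
SAMPLE_SSHD_CONFIG = """\
#Port 22
Port 3434
PermitRootLogin no
PasswordAuthentication yes
AllowUsers sam peter@192.168.1.*
DenyUsers guest sam@10.*
PermitRootLogin yes
"""

# Keywords that may be given several times; their values are merged.
MULTI = {"port", "allowusers", "denyusers"}

def parse_sshd_config(text):
    """Return {lowercased keyword: [arguments]} for the active lines."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue                      # blank line or commented directive
        key, args = parts[0].lower(), parts[1:]
        if key in MULTI:
            conf.setdefault(key, []).extend(args)
        else:
            conf.setdefault(key, args)    # first value obtained wins
    return conf

def _glob(pattern, value):
    """Wildcard match as in sshd patterns: '*' any run, '?' one character."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value) is not None

def _entry_matches(entry, user, addr):
    """One list entry is USER or USER@HOST; HOST is the client's address."""
    upat, at, hpat = entry.partition("@")
    return _glob(upat, user) and (not at or _glob(hpat, addr))

def login_permitted(conf, user, addr):
    """DenyUsers is evaluated first; AllowUsers, when present, must match."""
    if any(_entry_matches(e, user, addr) for e in conf.get("denyusers", [])):
        return False
    allow = conf.get("allowusers")
    return allow is None or any(_entry_matches(e, user, addr) for e in allow)

if __name__ == "__main__":
    conf = parse_sshd_config(SAMPLE_SSHD_CONFIG)
    for who in [("sam", "192.168.1.50"), ("sam", "10.0.0.7"), ("root", "192.168.1.50")]:
        print(who, login_permitted(conf, *who))
```

Because AllowUsers is set in the sample, root is refused regardless of PermitRootLogin, since root is not in the list.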

 

So friends, today we learned how to install and configure an SSH server in Linux and how to implement security in it.

 

Final thoughts

This is not a full tutorial on SSH server. We will post the 2nd part in the upcoming days. We hope you like the 1st part of this tutorial. If you have any queries related to SSH server, comment below in the comment section; we will be happy to answer them.