How to Install and Configure SSH Server on CentOS 7

Introduction

In this tutorial, we will install and configure the SSH server on CentOS 7. SSH (Secure Shell) is a network protocol that allows for secure remote login from one computer to another. It gives system administrators a secure way to access a server remotely.

Prerequisites

Before we start, ensure you have:

  • A CentOS 7 server with a non-root user having sudo privileges.
  • Internet access to download the necessary packages.

Install and Configure SSH Server on CentOS 7

Installing SSH Server

Step 1: Update Your System

First, update your system to ensure all existing packages are up-to-date:

sudo yum update -y

Step 2: Install OpenSSH Server

Install OpenSSH, the most popular SSH server package:

sudo yum install -y openssh openssh-server openssh-clients openssl-libs

Starting and Enabling SSH Service

Once the installation is complete, start the SSH service and enable it to start on boot.

Step 3: Start SSH Service

Start the SSH service using the command:

sudo systemctl start sshd

Step 4: Enable SSH Service

Enable the SSH service to start automatically on system boot:

sudo systemctl enable sshd

Step 5: Check SSH Service Status

Verify the SSH service status with:

sudo systemctl status sshd

Configuring SSH Server

Basic Configuration

The SSH server configuration file is located at /etc/ssh/sshd_config. You can edit this file to customize the SSH server settings.

Step 6: Open SSH Configuration File

Open the SSH configuration file with a text editor:

sudo vi /etc/ssh/sshd_config

Step 7: Disable Root Login

For security reasons, it is recommended to disable root login. Find the PermitRootLogin line (it may be commented out with a leading #) and set it to:

PermitRootLogin no

Step 8: Save and Exit

Save the changes and exit the editor. In vi, you can do this by pressing Esc, typing :wq, and hitting Enter.

Step 9: Restart SSH Service

After making the changes, restart the SSH service:

sudo systemctl restart sshd

Step 10: Allow SSH Through the Firewall

If Firewalld is running, allow SSH port 22/tcp:

sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload

Advanced Configuration

For advanced users, additional configuration options can further secure your SSH server.

Step 11: Configure Public Key Authentication

Public key authentication is more secure than password authentication. Ensure the following lines are set in the configuration file:

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

Step 12: Configure Two-Factor Authentication

Two-factor authentication adds an extra layer of security. You can set it up by installing and configuring google-authenticator.

sudo yum install google-authenticator -y
google-authenticator

Follow the prompts to set up two-factor authentication.

Step 13: Restrict SSH Access by IP Address

You can limit SSH access to specific IP addresses by adding the following lines:

AllowUsers yourusername@192.168.1.100
DenyUsers baduser@192.168.1.*

Configuring SSH Client

Step 14: Install SSH Client

To connect to the SSH server, install the SSH client:

sudo yum -y install openssh-clients

Step 15: Connect to SSH Server

Use a regular (non-root) user account to connect to the SSH server:

ssh yourusername@your_server_ip

Replace yourusername with your actual username and your_server_ip with the server’s IP address.

Transferring Files Using SSH

Using SCP (Secure Copy)

SCP allows for secure file transfer between the local machine and the remote server.

Step 16: Copy the File to the Remote Server

scp ./localfile.txt yourusername@your_server_ip:/remote/directory/

Step 17: Copy the File from the Remote Server

scp yourusername@your_server_ip:/remote/directory/remotefile.txt ./localdirectory/

Using SFTP (SSH File Transfer Protocol)

SFTP is another method for secure file transfer. It is typically enabled by default.

Step 18: Connect to SFTP

sftp yourusername@your_server_ip

Step 19: Common SFTP Commands

  • Show the current directory on the remote server: pwd
  • Show the current directory on the local machine: !pwd
  • List files in the current directory on the remote server: ls -l
  • List files in the current directory on the local machine: !ls -l
  • Change the directory on the remote server: cd /remote/directory/
  • Upload a file to the remote server: put localfile.txt remotefile.txt
  • Download a file from the remote server: get remotefile.txt localfile.txt
  • Delete a directory on the remote server: rmdir directoryname
  • Delete a file on the remote server: rm filename
  • Execute commands on the local machine: !command
  • Exit SFTP: quit

SSH Key-Pair Authentication

Step 20: Create SSH Key Pair

Generate a new SSH key pair on the client machine:

ssh-keygen -t rsa

Step 21: Move the Public Key to the Authorized Keys

Move the generated public key to the server’s authorized keys file:

mv ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys

Step 22: Secure the .ssh Directory

mkdir -p ~/.ssh
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Step 23: Transfer the Secret Key to the Client

Copy the secret key from the server to the client’s SSH directory:

scp yourusername@your_server_ip:/home/yourusername/.ssh/id_rsa ~/.ssh/

Step 24: Connect Using SSH Key

ssh -i ~/.ssh/id_rsa yourusername@your_server_ip

Step 25: Disable Password Authentication

Disable password authentication for enhanced security. Confirm that the key-based login from Step 24 works first, then set the following in /etc/ssh/sshd_config:

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes

Restart the SSH service:

sudo systemctl restart sshd
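
The following added example, which is not part of the original guide, reads an sshd_config file the way sshd does (the first value for a keyword wins, keywords are case-insensitive, lines after Match are conditional) and reports whether the values from Steps 7, 11 and 25 are in effect. The function names and the sample file are constructed for illustration.

```shell
# Added example, not from the original guide: audit an sshd_config file
# against the values set in Steps 7, 11 and 25.
# Print the first global value of keyword $2 in file $1, lowercased.
# sshd keeps the first value it reads for a keyword, ignores keyword case,
# and applies lines after a "Match" line only conditionally.
# Assumes whitespace-separated "Keyword value" lines, as in the stock file.
sshd_value() {
    awk -v want="$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')" '
        { sub(/^[ \t]+/, "") }
        /^#/ || /^$/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# Print one line per keyword; return how many are unset or differ.
audit_sshd_config() {
    bad=0
    for pair in PermitRootLogin=no PubkeyAuthentication=yes \
                PasswordAuthentication=no ChallengeResponseAuthentication=no; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(sshd_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok    $key $got"
        else
            echo "FAIL  $key is '${got:-unset}', guide sets '$want'"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: the "PasswordAuthentication no" appended at the end is
# ignored because an earlier line already set that keyword.
write_sample_config() {
    cat > "$1" <<'EOF'
#PermitRootLogin yes
PermitRootLogin no
PubkeyAuthentication yes
passwordauthentication yes
PasswordAuthentication no
Match User backup
    PermitRootLogin yes
EOF
}

sample=$(mktemp); write_sample_config "$sample"
audit_sshd_config "$sample" || echo "$? setting(s) differ from the guide"
rm -f "$sample"
```

On a live server, sudo sshd -T prints the effective configuration as sshd itself computes it.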

Common Issues and Troubleshooting

Issue 1: Connection Refused

If you encounter a “Connection refused” error, check if the SSH service is running and the firewall settings allow SSH traffic:

sudo systemctl status sshd
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload

Issue 2: Permission Denied

If you see a “Permission denied” error, ensure your user has the correct permissions and the SSH keys are correctly configured.
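
As an added example (not from the original guide), the script below checks the file modes that commonly cause key logins to fail: sshd with StrictModes rejects a home directory, ~/.ssh or authorized_keys that is writable by group or other, and the ssh client refuses a private key that group or other can access. The function names and the demo directory are constructed for illustration, and file ownership is not checked.

```shell
# Added example: check the file modes sshd (StrictModes) and the ssh client
# insist on. Function names are illustrative; ownership is not checked.

# First 10 characters of `ls -ld`, e.g. drwx------ (drops SELinux/ACL marks).
mode_of() { ls -ld "$1" | cut -c1-10; }

# True when group or other may write to $1.
group_or_other_writable() {
    case $(mode_of "$1") in
        ?????w????|????????w?) return 0 ;;
    esac
    return 1
}

# Check home, ~/.ssh and authorized_keys under $1, plus id_rsa if present.
# Prints each finding and returns the number of findings.
check_ssh_perms() {
    dir=$1; problems=0
    for p in "$dir" "$dir/.ssh" "$dir/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "missing:  $p"; problems=$((problems + 1))
        elif group_or_other_writable "$p"; then
            echo "too open: $p $(mode_of "$p") (writable by group/other)"
            problems=$((problems + 1))
        fi
    done
    if [ -e "$dir/.ssh/id_rsa" ]; then
        case $(mode_of "$dir/.ssh/id_rsa") in
            ????------) ;;
            *) echo "too open: $dir/.ssh/id_rsa (private key open to group/other)"
               problems=$((problems + 1)) ;;
        esac
    fi
    return "$problems"
}

# Constructed home directory with one deliberate mistake (~/.ssh is 775).
demo=$(mktemp -d)
mkdir "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
chmod 700 "$demo"; chmod 775 "$demo/.ssh"; chmod 600 "$demo/.ssh/authorized_keys"
check_ssh_perms "$demo" || echo "$? problem(s) found"
rm -rf "$demo"
```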

Issue 3: SSH Service Not Starting

If the SSH service fails to start, check the configuration file for syntax errors using:

sudo sshd -t

FAQs

Q: How do I restart the SSH service?

A: You can restart the SSH service using:

sudo systemctl restart sshd

Q: How do I check the SSH server version?

A: Check the SSH server version with:

ssh -V

Q: Can I use SSH keys for authentication?

A: Yes, SSH keys provide a secure way of authentication. Follow Step 11 in the advanced configuration section and the steps in the SSH Key-Pair Authentication section to set it up.

Conclusion

Setting up and configuring an SSH server on CentOS 7 is a crucial skill for system administrators. This guide covered everything from basic installation to advanced configuration, ensuring your SSH server is secure and efficient. By following these steps, you can enhance your server’s security and manage it remotely with ease. Thank you for reading the DevopsRoles page!

About HuuPV

My name is Huu. I love technology, especially DevOps skills such as Docker, Vagrant, Git, and so forth. I like open source, so I created DevopsRoles.com to share the knowledge I have acquired. My job: IT system administrator. Hobbies: Summoners War game, gossip.