How to configure OpenSSH server and connect to ssh server from client in Linux

OpenSSH is widely used to gain secure terminal access to a remote computer and to transfer files. It is a set of client and server programs in which all communication between client and server is encrypted, which makes it more secure than similar tools such as telnet or ftp. It is very helpful if you want to control several computers from a single computer.

Installing SSH server in Linux

Use your distribution's default package manager. On RHEL/Fedora/CentOS, use yum for installation:

yum -y install openssh-server openssh-clients

In the latest releases of RHEL/Fedora/CentOS, DNF is the default package manager; in this case use the command

dnf install openssh-server openssh-clients -y

Once the server and client are installed, you will need to configure your client. Note that the client is required to connect to a remote server, i.e. the system from which you are going to connect to the remote server must have the client software installed.

Configure OpenSSH server

No specific configuration is required to connect to an OpenSSH server. Still, you can change the port used for connections to enhance security, and you may also disable remote root login.

Disable remote root login

Open the sshd_config file with your favourite text editor; it is located at /etc/ssh/sshd_config. Now change the PermitRootLogin directive to no.

PermitRootLogin no

Change port for connecting OpenSSH server

To change the port, edit the Port directive. Open the configuration file in an editor, find the Port line and change it to the desired number. By default, ssh listens on port number 22.

Port 22

You can change this to any other port for security reasons.

Login Grace time

This setting defines how many seconds a connection is kept alive without a login. You can set it according to the time you normally take to log in.

X11 forwarding

This option enables forwarding of the graphical display to the client. To use it, the -X switch must be given when connecting from the client.

After making any changes in the configuration file, you need to restart your OpenSSH server.
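The directives above can be checked before the restart. This added example (not part of the original article) reports which value of each directive takes effect in the global section of a configuration file; the function names and the sample configuration, including port 2222, are constructed for illustration.

```shell
# Added example. Assumes whitespace-separated "Keyword value" lines;
# Include files and Match blocks are not followed.

# effective_value FILE KEYWORD: print the first active value, or "unset".
# sshd skips '#' comments, matches keywords case-insensitively and, for a
# single-valued keyword, uses the first value it finds.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key); val = "unset" }
        /^[ \t]*#/ || NF == 0 { next }     # comment or blank line
        tolower($1) == "match" { exit }    # global section ends here
        tolower($1) == key { val = $2; exit }
        END { print val }
    ' "$1"
}

# audit_sshd_config FILE: print findings; return 1 if root login is not "no".
audit_sshd_config() {
    rc=0
    root=$(effective_value "$1" PermitRootLogin)
    if [ "$root" = "no" ]; then
        echo "OK   PermitRootLogin no"
    else
        echo "WARN PermitRootLogin is '$root', expected 'no'"
        rc=1
    fi
    for key in LoginGraceTime X11Forwarding; do
        echo "INFO $key $(effective_value "$1" "$key")"
    done
    # Port may appear several times; sshd listens on every listed port.
    echo "INFO Port $(awk 'tolower($1) == "port" { printf "%s%s", s, $2; s = " " }' "$1")"
    return "$rc"
}

# Constructed sample: the "PermitRootLogin no" appended at the end never
# takes effect, because an earlier active line already set the keyword.
write_sample() {
    cat > "$1" <<'EOF'
#PermitRootLogin no
Port 2222
permitrootlogin yes
LoginGraceTime 60
X11Forwarding yes
PermitRootLogin no
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_sshd_config "$sample" || echo "fix the configuration before restarting"
rm -f "$sample"
```

On a live server, sshd -t checks the configuration file for syntax errors and sshd -T prints the effective settings.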

Restarting OpenSSH server

To restart the OpenSSH server, use your default service manager. Most recent Linux distributions use systemctl (the service is named sshd on RHEL/Fedora/CentOS; on Debian-based systems it is ssh):

systemctl restart sshd

In case you are using an older distribution, use

/etc/init.d/sshd restart

Now all you need is the IP address of the system and the client software to connect to it using SSH.

SSH Key based login

How the process works

SSH key based authentication works by creating a pair of keys:

  1. Private Key – The private key is located on the client machine and is kept secret.
  2. Public Key – The public key can be given to anyone and is kept on the machine you wish to connect to.

When you try to connect to a system that has your public key, it sends a response which can be read only with the private key. In return, the client computer sends a response based on the keys communicated, and once the message is identified as genuine, communication between both systems is established.

Create SSH keys

SSH keys should be generated on the client computer from which you will log in. This is usually your local computer.

Syntax

ssh-keygen -t rsa

Press Enter at the prompts and your keys will be created at ~/.ssh/id_rsa.pub (public key) and ~/.ssh/id_rsa (private key).

Transferring Public Key to the Server

Use the ssh-copy-id command to copy the key to the server

Syntax

ssh-copy-id remote_server

where remote_server is your server name. You will be prompted for the password by the remote server. Once the password is entered, the public key will be copied to the remote server. The next login to this server will not require a password.

Using SSH command to connect to server

To connect to an SSH server from a client, enter the command below in a terminal window

Syntax

ssh remote_host

where remote_host is the host name or host IP address

Example

ssh 10.17.2.45
ssh mylinux.com

This command will work only if the remote username is the same as the local username. Once connected, the remote system will authenticate the user by asking for a password.

Connecting to port other than default port 22

Use the -p switch to connect to a server on a port other than the default port number 22.

Syntax

ssh -p port_number remote_host

Example

ssh -p 78 10.17.2.45

This command makes the client connect to the port that is open for ssh on the server.

Connecting to X11 server from client using ssh

If X11 is forwarded by ssh server, you can use switch -X from client

Syntax

ssh -X remote_host

Example

ssh -X 10.17.2.45

Running single command directly from ssh command

A command can be run directly from ssh using the command below

Syntax

ssh remote_host command

Example

ssh 10.17.2.45 ls