{"id":351,"date":"2019-05-12T14:42:59","date_gmt":"2019-05-12T12:42:59","guid":{"rendered":"http:\/\/hentati.org\/?p=351"},"modified":"2020-12-06T21:20:58","modified_gmt":"2020-12-06T20:20:58","slug":"centos-rhel-install-and-configure-openssh-server-and-client","status":"publish","type":"post","link":"https:\/\/hentati.org\/index.php\/2019\/05\/12\/centos-rhel-install-and-configure-openssh-server-and-client\/","title":{"rendered":"CentOS \/ RHEL : Install and Configure OpenSSH Server and Client"},"content":{"rendered":"
\n
Introduction<\/span><\/h5>\n

OpenSSH (Secure Shell) is a suite of network connectivity tools that provides secure communications between systems. OpenSSH tools include the following:<\/span><\/p>\n<\/div>\n

    \n
  • ssh<\/strong>: Secure shell logs on or runs a command on a remote system<\/span><\/li>\n
  • scp<\/strong>: Secure copy<\/span><\/li>\n
  • sftp<\/strong>: Secure ftp (file transfer protocol)<\/span><\/li>\n
  • sshd<\/strong>: The OpenSSH daemon<\/span><\/li>\n
  • ssh-keygen<\/strong>: Creates ECDSA(Elliptic Curve Digital Signature Algorithm) or RSA(named for the designers Rivest, Shamir, and Adleman) host\/user authentication keys:<\/span><\/li>\n<\/ul>\n

    Unlike other tools such as\u00a0telnet, rcp, rsh, rlogin,<\/strong>\u00a0and\u00a0ftp<\/strong>, OpenSSH tools encrypt all communication between the client and server systems, including passwords. Each network packet is encrypted by using a key known only by the local and remote systems.<\/span><\/p>\n

    OpenSSH supports both versions of SSH, SSH protocol version 1 (SSH1) and SSH protocol version 2 (SSH2). Additionally, OpenSSH provides a secure means to use graphical applications over a network by using X11 forwarding. It also provides a way to secure otherwise insecure TCP\/IP protocols by using port forwarding.<\/span><\/p>\n

     <\/p>\n

    I- install OpenSSH Server<\/span><\/h5>\n

    1. To begin configuring a system as an OpenSSH server, install the following packages (these are installed by default):<\/span><\/p>\n

    \n
    # yum install openssh\r\n# yum install openssh-server<\/span><\/pre>\n<\/div>\n
    2. Start the sshd daemon:<\/span><\/p>\n
    \n
    # systemctl start sshd<\/span><\/pre>\n<\/div>\n
    3. Use the systemctl command to automatically start the sshd service at boot time:<\/span><\/p>\n
    \n
    # systemctl enable sshd<\/span><\/pre>\n<\/div>\n
    \n
    II- Configure OpenSSH Server<\/span><\/h5>\n<\/div>\n
    \n
    Properly configuring the\u00a0sshd<\/strong>\u00a0configuration file\u00a0hardens server security. The most common settings to enhance security are changing the port number, disabling root logins, and limiting access to only certain users.<\/span><\/div>\n
    \n
    To edit these settings access the \/etc\/ssh\/sshd_config<\/strong>\u00a0file:<\/span><\/p>\n
    sudo vim \/etc\/ssh\/sshd_config<\/code><\/span><\/pre>\n
    Once you access the file by using a text editor (in this example we used\u00a0vim<\/strong>), you can disable root logins and edit the default port number:<\/span><\/p>\n
      \n
    • To disable root login:<\/span><\/li>\n<\/ul>\n
      PermitRootLogin no<\/em><\/strong><\/span><\/p>\n
        \n
      • Change the SSH port to run on a non-standard port. For example:<\/span><\/li>\n<\/ul>\n
        Port 2002<\/em><\/strong><\/span><\/p>\n
        \"Settings<\/span><\/p>\n
        Remember to uncomment the lines that you edit by removing the hashtag.<\/span><\/p>\n
        Save and close the file. Restart\u00a0sshd<\/strong>:<\/span><\/p>\n
        service sshd restart<\/code><\/span><\/pre>\n<\/div>\n
        \n
        \u00a0<\/span><\/h4>\n
        FIREWALL SETTINGS<\/span><\/h5>\n<\/div>\n
        \n
        After successfully enabling SSH and configuring the\u00a0sshd<\/strong>\u00a0file, adjust the firewall settings to make sure there are no compatibility issues.<\/span><\/p>\n
        It is also possible to restrict IP access to make the connection even more secure.<\/span><\/p>\n
        To restrict IP access, edit the\u00a0iptables<\/strong>\u00a0file by typing:<\/span><\/p>\n
        sudo vim \/etc\/sysconfig\/iptables<\/code><\/span><\/pre>\n
        To allow access using the port defined in the sshd config file, add the following line to the iptables file:<\/span><\/p>\n
        -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 2002 -j ACCEPT<\/code><\/span><\/pre>\n
        To restrict access to a specific IP, for example 133.123.40.166, edit the line as follows:<\/span><\/p>\n
        -A RH-Firewall-1-INPUT -s 133.123.40.166 -m state --state NEW -p tcp --dport 2002 -j ACCEPT<\/code><\/span><\/pre>\n
        \"example<\/span><\/p>\n
        If your site uses IPv6, and you are editing ip6tables, use the line:<\/span><\/p>\n
        -A RH-Firewall-1-INPUT -m tcp -p tcp --dport 2002 -j ACCEPT<\/code><\/span><\/pre>\n
        Save and exit the file by pressing Escape (Esc) on your keyboard and typing:<\/span><\/p>\n
        :X<\/strong><\/span><\/pre>\n
        Press Enter to confirm.<\/span><\/p>\n
        Restart iptables to apply the changes:<\/span><\/p>\n
        sudo systemctl restart iptables<\/code><\/span><\/pre>\n<\/div>\n
        \n
         <\/p>\n
        iii- ConfigurE OpenSSH Client<\/span><\/h5>\n
        1. To configure a system as an OpenSSH client, install the following packages (these are installed by default):<\/span><\/p>\n
        \n
        # yum install openssh\r\n# yum install openssh-clients<\/span><\/pre>\n<\/div>\n
        2. There are no services to start for OpenSSH clients.<\/span><\/p>\n
        CONCLUSION<\/span><\/h5>\n
        In this tutorial, we learned how to enable SSH on a CentOS 7 server. Additionally, we configured your firewall and SSH rules to limit access.<\/span><\/p>\n<\/div>\n
        \n
        Your CentOS 7 server is now able to accept SSH connections.<\/span><\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
        Introduction OpenSSH (Secure Shell) is a suite of network connectivity tools that provides secure communications between systems. OpenSSH tools include the following: ssh: Secure shell logs on or runs a …<\/p>\n","protected":false},"author":1,"featured_media":372,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[8],"tags":[],"_links":{"self":[{"href":"https:\/\/hentati.org\/index.php\/wp-json\/wp\/v2\/posts\/351"}],"collection":[{"href":"https:\/\/hentati.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hentati.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hentati.org\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hentati.org\/index.php\/wp-json\/wp\/v2\/comments?post=351"}],"version-history":[{"count":20,"href":"https:\/\/hentati.org\/index.php\/wp-json\/wp\/v2\/posts\/351\/revisions"}],"predecessor-version":[{"id":657,"href":"https:\/\/hentati.org\/index.php\/wp-json\/wp\/v2\/posts\/351\/revisions\/657"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hentati.org\/index.php\/wp-json\/wp\/v2\/media\/372"}],"wp:attachment":[{"href":"https:\/\/hentati.org\/index.php\/wp-json\/wp\/v2\/media?parent=351"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hentati.org\/index.php\/wp-json\/wp\/v2\/categories?post=351"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hentati.org\/index.php\/wp-json\/wp\/v2\/tags?post=351"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}