SSH connection configurations - Parthaaaaa/practicelinux GitHub Wiki

Server

  • In order to check the version of your SSH utility, you can run the following command:

    ssh -V

  • To install an SSH server, run the command for your distribution:

    CentOS 7, 8:

    sudo yum install openssh-server

    Ubuntu:

    sudo apt install openssh-server

    CentOS 8:

    sudo dnf install openssh-server

  • Check whether the SSH server is running (on Ubuntu, replace sshd with ssh in the command):

    systemctl status sshd

  • Start it with:

    systemctl start sshd

  • Enable automatic start at boot with:

    systemctl enable sshd

  • Check whether the ssh service is enabled with:

    systemctl list-unit-files | grep enabled | grep ssh

The firewall might not allow SSH connections by default, so it should be configured as follows:

  • To check whether the SSH service is allowed in the firewall, run the following command:

    firewall-cmd --list-all | grep services

output:

services: cockpit dhcpv6-client

  • If the ssh service is not in the list, run the following commands to add it:

    firewall-cmd --permanent --zone=public --add-service=ssh

    firewall-cmd --reload

  • And verify again:

    firewall-cmd --list-all | grep services

output:

services: cockpit dhcpv6-client ssh

  • Configure the SSH server:

    cd /etc/ssh

    vim sshd_config

  • Change the following settings:

    Port 2244 (changed from 22; or any port you wish)

    PermitRootLogin no

    PasswordAuthentication no (do this only after you have configured key-based login, which is described in the last section)

Save the file and quit.

  • Restart ssh by:

    systemctl restart sshd

If SELinux is running, the ssh restart will not work. Run the following command to reconfigure it.

  • SELinux for SSH (use the port you entered if it is not 2244):

    semanage port -a -t ssh_port_t -p tcp 2244

  • Check whether SELinux is enabled with:

    sestatus

  • To disable SELinux permanently, edit:

    vim /etc/sysconfig/selinux

Change the setting to SELINUX=disabled

Save the file.

  • Allow changed port on firewall:

    firewall-cmd --zone=public --permanent --add-port=2244/tcp

    firewall-cmd --reload

  • To see the port list:

    firewall-cmd --zone=public --permanent --list-all

Now, connect from the user-client with:

    ssh -p 2244 username@YourServerIPAddress

Enter the user password and that's it!

Set up passwordless SSH login for a more secure connection:

User-client

  • Check for existing SSH key pair.

    ls -al ~/.ssh/id_*.pub

  • Generate a key pair (the -C comment can be your e-mail address or any text you like):

    ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

  • To be sure that the SSH keys were generated, you can list your new private and public keys with:

    ls -al ~/.ssh/id_*.pub

    or

    ls -al /home/user/.ssh

output:

    id_rsa

    id_rsa.pub

  • Copy the public key to the server with:

    ssh-copy-id -p 2244 -i ~/.ssh/id_rsa.pub username@YourServerIPAddress

  • A file named 'authorized_keys' containing the public key will be created on your server in the following location:

    cd /home/user/.ssh

If the 'ssh-copy-id' command doesn't work, use one of the following:

1. scp -P 2244 ~/.ssh/id_rsa.pub username@YourServerIPAddress:/home/user/.ssh/uploadedkey.pub

  • Now go to your server and run the following:

    cat ~/.ssh/uploadedkey.pub >> ~/.ssh/authorized_keys

    chmod 700 ~/.ssh

    chmod 600 ~/.ssh/*

or

2. cat ~/.ssh/id_rsa.pub | ssh -p 2244 remote_username@server_ip_address "mkdir -p ~/.ssh && chmod 700 ~/.ssh && cat >> ~/.ssh/authorized_keys && chmod 600 ~/.ssh/authorized_keys"

That's all! This time you will not have to enter your password. Enjoy!!!
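The three sshd_config changes from the Server section (Port, PermitRootLogin, PasswordAuthentication) can be checked with a script before sshd is restarted. This is an added example, not part of the original wiki; the function names are made up for illustration, and it assumes a single config file (`Include` files are not followed).

```shell
# Added example (not from the wiki): audit the three sshd_config settings.

# Print the value sshd would use for keyword $2 in the global part of file $1.
# Keywords are case-insensitive and the first value found wins; everything
# from the first "Match" line on is conditional and is not considered.
# Port may legally be repeated; only its first value is checked here.
effective_value() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ { next }                  # comment line
        /^[ \t]*$/ { next }                  # blank line
        {
            sub(/^[ \t]+/, "")               # drop leading whitespace
            split($0, f, /[ \t=]+/)          # "Keyword value" or "Keyword=value"
            k = tolower(f[1])
            if (k == "match") exit
            if (k == key) { print tolower(f[2]); exit }
        }' "$1"
}

# check_setting FILE KEYWORD DEFAULT EXPECTED
# DEFAULT is the upstream OpenSSH default, used when the keyword is absent
# (distribution builds may ship a different default).
check_setting() {
    got=$(effective_value "$1" "$2")
    [ -n "$got" ] || got=$3
    if [ "$got" = "$4" ]; then
        echo "OK    $2 = $got"
    else
        echo "FAIL  $2 = $got (expected $4)"
        return 1
    fi
}

# audit_sshd_config FILE PORT: succeed only if all three settings match.
audit_sshd_config() {
    rc=0
    check_setting "$1" Port 22 "$2" || rc=1
    check_setting "$1" PermitRootLogin prohibit-password no || rc=1
    check_setting "$1" PasswordAuthentication yes no || rc=1
    return $rc
}

# Constructed sample: a "no" added below an earlier "yes" has no effect.
sample=$(mktemp)
printf '%s\n' 'Port 2244' 'permitrootlogin no' '#PasswordAuthentication no' \
    'PasswordAuthentication yes' 'PasswordAuthentication no' > "$sample"
audit_sshd_config "$sample" 2244 || echo "sshd_config does not match the guide yet"
rm -f "$sample"
```

On the server itself, `sshd -T` prints the configuration sshd actually uses, which also covers included files.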