Arch Linux SSH Configuration - ryzendew/Linux-Tips-and-Tricks GitHub Wiki
Arch Linux SSH Configuration Guide
Complete beginner-friendly guide to SSH configuration on Arch Linux, including server setup, client configuration, key-based authentication, and security hardening.
Table of Contents
- Installing SSH
- SSH Server Configuration
- SSH Client Configuration
- Key-Based Authentication
- SSH Security
- Troubleshooting
Installing SSH
Install OpenSSH
Install SSH:
# Install OpenSSH
sudo pacman -S openssh
# Enable service
sudo systemctl enable sshd
sudo systemctl start sshd
# Check status
systemctl status sshd
SSH Server Configuration
Configure SSH Server
Edit config:
# Edit SSH config
sudo vim /etc/ssh/sshd_config
Security settings:
# Disable root login
PermitRootLogin no
# Change port
Port 2222
# Disable password auth (use keys)
PasswordAuthentication no
# Allow specific users
AllowUsers username
# Disable empty passwords
PermitEmptyPasswords no
Restart SSH:
sudo systemctl restart sshd
SSH Client Configuration
SSH Client Config
Edit client config:
# Edit client config
vim ~/.ssh/config
Example:
Host myserver
HostName server.example.com
User username
Port 2222
IdentityFile ~/.ssh/id_ed25519
Connect:
ssh myserver
Key-Based Authentication
Generate SSH Key
Create key pair:
# Generate key
ssh-keygen -t ed25519 -C "[email protected]"
# Or RSA
ssh-keygen -t rsa -b 4096 -C "[email protected]"
Copy Public Key
Copy to server:
# Copy key
ssh-copy-id user@server
# Or manually
cat ~/.ssh/id_ed25519.pub | ssh user@server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
SSH Security
Harden SSH
Security best practices:
# Edit config
sudo vim /etc/ssh/sshd_config
Add:
# Disable root
PermitRootLogin no
# Change port
Port 2222
# Use keys only
PasswordAuthentication no
PubkeyAuthentication yes
# Limit login attempts
MaxAuthTries 3
# Disable empty passwords
PermitEmptyPasswords no
Fail2ban
Install fail2ban:
# Install fail2ban
sudo pacman -S fail2ban
# Enable
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Troubleshooting
Connection Refused
Check service:
# Check SSH service
systemctl status sshd
# Check firewall
sudo ufw status
Permission Denied
Check permissions:
# Fix permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
Summary
This guide covered SSH installation, server/client configuration, key-based auth, and security.
Next Steps
- Arch Linux Security Configuration - Security setup
- Arch Linux Networking - Network setup
- ArchWiki SSH: https://wiki.archlinux.org/title/OpenSSH
This guide is based on the ArchWiki. For the most up-to-date information, always refer to the official ArchWiki.