Linux SSH Configuration - ryzendew/Linux-Tips-and-Tricks GitHub Wiki
Linux SSH Configuration Guide
Complete beginner-friendly guide to SSH configuration on Linux, covering Arch Linux, CachyOS, and other distributions including server setup, client configuration, key-based authentication, and security hardening.
Table of Contents
- Installing SSH
- SSH Server Configuration
- SSH Client Configuration
- Key-Based Authentication
- SSH Security
- Troubleshooting
Installing SSH
Install OpenSSH
Install SSH:
# Arch/CachyOS
sudo pacman -S openssh
# Debian/Ubuntu
sudo apt install openssh-server
# Fedora
sudo dnf install openssh-server
Enable SSH
Enable service:
# Enable service
sudo systemctl enable --now sshd.service
# Check status
systemctl status sshd
SSH Server Configuration
Configure SSH Server
Edit config:
# Edit SSH config
sudo vim /etc/ssh/sshd_config
Security settings:
# Disable root login
PermitRootLogin no
# Change port
Port 2222
# Disable password auth (use keys)
PasswordAuthentication no
# Allow specific users
AllowUsers username
# Disable empty passwords
PermitEmptyPasswords no
Restart SSH:
sudo systemctl restart sshd
SSH Client Configuration
SSH Client Config
Edit client config:
# Edit config
vim ~/.ssh/config
Example:
Host myserver
HostName server.example.com
User username
Port 2222
IdentityFile ~/.ssh/id_rsa
Connect
Connect to server:
# Basic connection
ssh user@server
# With config
ssh myserver
# With key
ssh -i ~/.ssh/key user@server
Key-Based Authentication
Generate Key
Create SSH key:
# Generate key
ssh-keygen -t ed25519 -C "[email protected]"
# Or RSA
ssh-keygen -t rsa -b 4096
Copy Key
Copy to server:
# Copy key
ssh-copy-id user@server
# Or manually
cat ~/.ssh/id_rsa.pub | ssh user@server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
SSH Security
Harden SSH
Security settings:
# Edit config
sudo vim /etc/ssh/sshd_config
Add:
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3
fail2ban
Install fail2ban:
# Install fail2ban
sudo pacman -S fail2ban
# Enable
sudo systemctl enable fail2ban
sudo systemctl start fail2ban
Troubleshooting
Cannot Connect
Check service:
# Check SSH status
systemctl status sshd
# Check firewall
sudo ufw status
Permission Denied
Check permissions:
# Check key permissions
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 700 ~/.ssh
Summary
This guide covered SSH configuration for Arch Linux, CachyOS, and other distributions, including server setup, client configuration, and security.
Next Steps
- Security Configuration - Security setup
- Remote Desktop - Remote access
- System Hardening - System hardening
- ArchWiki SSH: https://wiki.archlinux.org/title/OpenSSH
This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.