How to install and configure SSH on CentOS 8

SSH (Secure Shell), is a network protocol that is used in order to operate remote logins to distant machines within a local network or over Internet.

We are going to see how you can install and configure SSH client and server tools on CentOS 8 distributions. Just follow the instructions below.

 

Installing SSH Client

To connect to a SSH server you must have OpenSSH client programs installed on your client machine.

In the case of CentOS/RHEL, you can install OpenSSH client programs running the following command:

$ sudo yum install openssh-clients

The above command should install SSH client programs.

 

Installing SSH Server

To connect to your CentOS 8 server using SSH, you must have SSH server software installed on your CentOS 8 machine.

Run the following command to install SSH server softwares on your CentOS 8 machine:

$ sudo yum install openssh-server

The command should run a complete installation process of OpenSSH server package.

 

Managing OpenSSH Server Service

Once you have installed OpenSSH server software on your CentOS 8 machine, run the following command to check whether the sshd service is running:

$ sudo systemctl status sshd

The above command will reveal whether the sshd service is active/running  and if it is enabled to start automatically on system boot.

By default, your SSH server is listening on all network interfaces (0.0.0.0) on port 22.

If, for some reason, the sshd service is not running on your CentOS 8 machine, run the following command to manually start it:

$ sudo systemctl enable sshd

To disable SSH service to automatically start on system boot, for security reasons, run the following command:

$ sudo systemctl disable sshd

To stop sshd service once you’ve configured your CentOS 8 server machine, run the following:

$ sudo systemctl stop sshd

Restart the sshd service so all the changes made to SSH server configuration files to take effect. Run the following command:

$ sudo systemctl restart sshd

 

Connecting to the SSH Server

In order to connect to your SSH server, we recommend you to follow the instructions below.

To link to the SSH server, when you have SSH server software installed, you must know the IP address of your CentOS 8 computer.

Find your IP address, by running the following command:

$ ip a

The above command will reveal the IP address of your CentOS machine.

Next, from a client computer (must have SSH client programs installed), run the following command to connect to the CentOS 8 server using SSH:

$ ssh login_username@ip_address

Type in yes and press Enter.

Then, type in the password of your login_username and press Enter. You should be logged in to the CentOS 8 machine via SSH

Now you can run any command on your CentOS 8 server from the client.

Close the SSH session once you’re done, using the following command:

$ exit

The above command should close the SSH session.

 

SSH Configuration Files

By default, your SSH server and client configuration files are located at /etc/ssh directory. The most important ones are:

• ssh_config: defines SSH rules for clients. It defines rules that are applied everytime you use SSH to connect to a remote host or to transfer files between hosts;
• sshd_config: defines SSH rules for your SSH server. It defines the reachable SSH port or deny specific users from communicating with your server.

 

Configuring SSH Server

Edit the sshd_config file using CentOS 8’s default text editor vi.

Run the following command to open /etc/ssh/sshd_config configuration file in vi text editor:

$ sudo vi /etc/ssh/sshd_config

The above command should open the configuration file. To modify the file, press i to go to insert mode.

After modifying the configuration file, press Esc to return to command mode.

To save the file and close vi text editor: type in :wq! and press Enter.

To discard the changes and close vi text editor: type in :q! and press Enter.

 

Changing SSH Server Port

If for security reasons you want to change the SSH server port from the default port 22 to something else (say 8111) then uncomment the line sshd_config from the configuration file.

Edit your sshd_config configuration file and look for the following line.

#Port 22

Configure SELinux to allow the port 8111 for SSH with the following command:

$ sudo semanage port -a -t ssh_port_t -p tcp 8111

Restart the sshd service:

$ sudo systemctl restart sshd

SSH server should run on port 8111 from now on.

$ sudo systemctl status sshd

 

Changing listening address

If you want the SSH server to listen to only a single network interface, then add the following line in the sshd_config file:

ListenAddress IP_ADDRESS_OF_INTERFACE

 

Disable root Login

By default, root login is available on your SSH server. To disable root login on your SSH server, modify the following lines: PermitRootLogin yes to PermitRootLogin no in the sshd_config configuration file.

 

Configuring Max Session and Max Password tries

To limit the number of users who can stay logged in to your CentOS 8 server via SSH, then uncomment MaxSessions in the sshd_config file and set your desired session number (default 10).

MaxSessions <How Many Sessions You Want>

Similarly, you can set a limit for failed login attempts. You only have to uncomment MaxAuthTries and set how many failed login attempts you want to allow before closing the connection.

MaxAuthTries <Number of Failed Login to Allow>