Linux: Setup SSH

The SSH protocol allows Linux administrators to log in to any number of remote systems from their own command line terminal. SSH is a client-server service providing secure, encrypted connections over a network connection. This allows us terminal access to other Linux systems or really any device that accepts SSH connections, such as routers and firewalls, and other operating systems.

A user can also set up an SSH server on their own computer if they want to allow incoming connections. This can be useful if you want to access your computer when away from your desk, or you have other users on your system that need to use the computer. In this tutorial, we will go over the step by step instructions to setup SSH as both a client and server on all major Linux distros.

DID YOU KNOW?
In addition to providing us with a secure and encrypted way to log in to remote systems, the SSH protocol can also be used to for port forwarding, which allows us to encrypt the traffic between two systems for pretty much any protocol.

In this tutorial you will learn:

How to install SSH Client and Server on all major Linux distros
How to use the ssh command to log in to a remote server
How to start, stop, enable, and disable the SSH service
How to allow incoming SSH connections through the system firewall
Recommendations for SSH server configuration and security

Software Requirements and Linux Command Line Conventions
Category	Requirements, Conventions or Software Version Used
System	Any Linux distro
Software	OpenSSH
Other	Privileged access to your Linux system as root or via the `sudo` command.
Conventions	# – requires given linux commands to be executed with root privileges either directly as a root user or by use of `sudo` command $ – requires given linux commands to be executed as a regular non-privileged user

How to Install SSH on Linux

The first thing we need to do is install SSH. There are separate software packages available depending on if you want to install the client package, server package, or both.

The OpenSSH Client package will allow you to use SSH to log in or initiate connections to remote systems.
The OpenSSH Server package will allow you to setup the SSH service and accept incoming connections. It is not necessary (or recommended) to install this package if you only plan to use SSH as a client.

The SSH command is generally available by default on all Linux distributions, but if your system does not have it, you can use the appropriate command below to install the OpenSSH client package with your system’s package manager. The second command in each example below will install the Server package (skip if you do not need it).

To install OpenSSH Client and Server on Ubuntu, Debian, and Linux Mint:

$ sudo apt update
$ sudo apt install openssh-client
$ sudo apt install openssh-server

To install OpenSSH Client and Server on Fedora, CentOS, AlmaLinux, and Red Hat:

$ sudo dnf install openssh
$ sudo dnf install openssh-server

To install OpenSSH Client and Server on Arch Linux and Manjaro:

$ sudo pacman -S openssh # all in one package

Using SSH Command

Now that SSH is installed, we can use the ssh command to connect to a remote server and login. The basic syntax is as follows, where user is the username and linuxconfig.org is the remote server. You can also use the IP address instead of hostname.
```
$ ssh user@linuxconfig.org
```
The default port for SSH to listen on is 22. If the remote system is running the SSH service on some non default port, you can specify that port with the -p option in your command. The following example shows how you would SSH into a remote system that’s running the service on port 2210.
```
$ ssh -p 2210 user@linuxconfig.org
```
Having SSH installed also gives us access to the scp command. The scp command in Linux is used to copy files and directories to or from a remote system. It works very similarly to the cp command, except that it copies files to or from other systems that are either on your local network or somewhere over the internet. Let’s look at a simple example where we use the scp command to copy a local file named file.txt to a remote server with hostname linuxconfig.org.
```
$ scp file.txt user@linuxconfig:/path/to/dest
```

NOTE – PASSWORDLESS LOGIN
If you get tired of typing in your password every time, you can authenticate using RSA keys instead.

How to Configure SSH Server

To allow users to login to your system via SSH, we will show you how to control the service and allow the connections through your firewall in the steps below.

To begin accepting incoming SSH connections, we need to start the SSH service with the systemctl command. To start or stop the SSH server:
```
$ sudo systemctl start sshd
AND
$ sudo systemctl stop sshd
```
To enable (make SSH start automatically at system boot), or disable the SSH server:
```
$ sudo systemctl enable ssh
OR
$ sudo systemctl disable ssh
```
Check whether the SSH server is running by using the systemctl status command.
```
$ sudo systemctl status ssh
```
The sshd status indicates that the service is currently running
In order to accept incoming connections, you will also need to allow the service through your system firewall. The commands for doing that may differ depending on your Linux distro. Use the appropriate ones below.
On Ubuntu and systems using ufw (uncomplicated firewall):
```
$ sudo ufw allow ssh
```
On RHEL based distros or any others using firewalld:
```
$ sudo firewall-cmd --zone=public --permanent --add-service=ssh
$ sudo firewall-cmd --reload
```
Or if you are just using iptables and no firewall frontend:
```
$ sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
```

That’s all there is to it. As long as there is no physical router or firewall blocking connections to the SSH server, it should be ready to accept incoming connections.

Further SSH Server Recommendations

With your SSH server ready to accept incoming connections, there are some configuration and security recommendations that you can apply. We have compiled some of the most important ones below, and given you links to more in depth tutorials for further reading:

How to make the most of OpenSSH – Copying files between machines with scp, key based authentication, saved logins, mounting file systems over SSH
SSH remote login syntax and examples – Enabling root login, executing commands over SSH, using tar over SSH, adding SSH aliases
How to secure SSH best practices – Using SSH keys, changing default port, allow specific users to log in

Closing Thoughts

In this tutorial, we saw how to setup SSH on a Linux system. This included using SSH as a client package and ssh command, along with setting up SSH as a service that listens for incoming connections. SSH is an essential protocol for most Linux systems, as it allows you to open remote terminals to any number of systems, or to manage your own system from over the internet. We can also do other handy things like copy files remotely, or create encrypted tunnels for other protocols.

How to Install SSH on Linux

Using SSH Command

How to Configure SSH Server

Further SSH Server Recommendations

Closing Thoughts

Related Linux Tutorials: