The SSH protocol allows Linux administrators to log in to any number of remote systems from their own command line terminal. SSH is a client-server service providing secure, encrypted connections over a network connection. This allows us terminal access to other Linux systems or really any device that accepts SSH connections, such as routers and firewalls, and other operating systems.
A user can also set up an SSH server on their own computer if they want to allow incoming connections. This can be useful if you want to access your computer when away from your desk, or you have other users on your system that need to use the computer. In this tutorial, we will go over the step by step instructions to setup SSH as both a client and server on all major Linux distros.
In addition to providing us with a secure and encrypted way to log in to remote systems, the SSH protocol can also be used to for port forwarding, which allows us to encrypt the traffic between two systems for pretty much any protocol.
In this tutorial you will learn:
- How to install SSH Client and Server on all major Linux distros
- How to use the
sshcommand to log in to a remote server
- How to start, stop, enable, and disable the SSH service
- How to allow incoming SSH connections through the system firewall
- Recommendations for SSH server configuration and security
|Category||Requirements, Conventions or Software Version Used|
|System||Any Linux distro|
|Other||Privileged access to your Linux system as root or via the
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of
$ – requires given linux commands to be executed as a regular non-privileged user
How to Install SSH on Linux
The first thing we need to do is install SSH. There are separate software packages available depending on if you want to install the client package, server package, or both.
- The OpenSSH Client package will allow you to use SSH to log in or initiate connections to remote systems.
- The OpenSSH Server package will allow you to setup the SSH service and accept incoming connections. It is not necessary (or recommended) to install this package if you only plan to use SSH as a client.
The SSH command is generally available by default on all Linux distributions, but if your system does not have it, you can use the appropriate command below to install the OpenSSH client package with your system’s package manager. The second command in each example below will install the Server package (skip if you do not need it).
To install OpenSSH Client and Server on Ubuntu, Debian, and Linux Mint:
$ sudo apt update $ sudo apt install openssh-client $ sudo apt install openssh-server
To install OpenSSH Client and Server on Fedora, CentOS, AlmaLinux, and Red Hat:
$ sudo dnf install openssh $ sudo dnf install openssh-server
To install OpenSSH Client and Server on Arch Linux and Manjaro:
$ sudo pacman -S openssh # all in one package
Using SSH Command
- Now that SSH is installed, we can use the
sshcommand to connect to a remote server and login. The basic syntax is as follows, where
useris the username and
linuxconfig.orgis the remote server. You can also use the IP address instead of hostname.
$ ssh firstname.lastname@example.org
- The default port for SSH to listen on is 22. If the remote system is running the SSH service on some non default port, you can specify that port with the
-poption in your command. The following example shows how you would SSH into a remote system that’s running the service on port 2210.
$ ssh -p 2210 email@example.com
- Having SSH installed also gives us access to the scp command. The scp command in Linux is used to copy files and directories to or from a remote system. It works very similarly to the cp command, except that it copies files to or from other systems that are either on your local network or somewhere over the internet. Let’s look at a simple example where we use the scp command to copy a local file named
file.txtto a remote server with hostname
$ scp file.txt user@linuxconfig:/path/to/dest
If you get tired of typing in your password every time, you can authenticate using RSA keys instead.
How to Configure SSH Server
To allow users to login to your system via SSH, we will show you how to control the service and allow the connections through your firewall in the steps below.
- To begin accepting incoming SSH connections, we need to start the SSH service with the
systemctlcommand. To start or stop the SSH server:
$ sudo systemctl start sshd AND $ sudo systemctl stop sshd
- To enable (make SSH start automatically at system boot), or disable the SSH server:
$ sudo systemctl enable ssh OR $ sudo systemctl disable ssh
- Check whether the SSH server is running by using the
$ sudo systemctl status ssh
- In order to accept incoming connections, you will also need to allow the service through your system firewall. The commands for doing that may differ depending on your Linux distro. Use the appropriate ones below.
On Ubuntu and systems using ufw (uncomplicated firewall):
$ sudo ufw allow ssh
On RHEL based distros or any others using firewalld:
$ sudo firewall-cmd --zone=public --permanent --add-service=ssh $ sudo firewall-cmd --reload
Or if you are just using iptables and no firewall frontend:
$ sudo iptables -A INPUT -p tcp --dport ssh -j ACCEPT
That’s all there is to it. As long as there is no physical router or firewall blocking connections to the SSH server, it should be ready to accept incoming connections.
Further SSH Server Recommendations
With your SSH server ready to accept incoming connections, there are some configuration and security recommendations that you can apply. We have compiled some of the most important ones below, and given you links to more in depth tutorials for further reading:
- How to make the most of OpenSSH – Copying files between machines with
scp, key based authentication, saved logins, mounting file systems over SSH
- SSH remote login syntax and examples – Enabling root login, executing commands over SSH, using tar over SSH, adding SSH aliases
- How to secure SSH best practices – Using SSH keys, changing default port, allow specific users to log in
In this tutorial, we saw how to setup SSH on a Linux system. This included using SSH as a client package and
ssh command, along with setting up SSH as a service that listens for incoming connections. SSH is an essential protocol for most Linux systems, as it allows you to open remote terminals to any number of systems, or to manage your own system from over the internet. We can also do other handy things like copy files remotely, or create encrypted tunnels for other protocols.