How to Install and Configure OpenSSH Server In Linux

OpenSSH is a free, open source tool that uses the SSH protocol to provide secure, encrypted communication over a computer network. This tutorial covers how to install and configure the OpenSSH server in Linux.

Advantages of OpenSSH

  • All communications and user credentials using OpenSSH are encrypted and protected.
  • It detects and informs you if a third party tries to intercept your connection.

Features of the OpenSSH

  • Agent Forwarding (Single-Sign-On)
  • Interoperability (Compliance with SSH 1.3, 1.5, and 2.0 protocol Standards)
  • Port Forwarding (encrypted channels for legacy protocols)
  • Strong Authentication (Public Key, One-Time Password and Kerberos Authentication)
  • SFTP client and server support in both SSH1 and SSH2 protocols
  • Kerberos and AFS Ticket Passing
  • Data Compression
  • Secure Communication
  • Strong Encryption (3DES, Blowfish, AES, Arcfour)
  • X11 Forwarding (encrypt X Window System traffic)

To Install OpenSSH in Linux

Execute the following commands with superuser permissions.

For Ubuntu/Debian/Linux Mint

$ sudo apt-get install openssh-server openssh-client

For RHEL/CentOS/Fedora

[root@linuxhelp ~]# yum -y install openssh-server openssh-clients
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: centos.excellmedia.net
 * epel: mirror.wanxp.id
 * extras: centos.excellmedia.net
 * updates: centos.excellmedia.net
Resolving Dependencies
-->  Running transaction check
--->  Package openssh-clients.x86_64 0:5.3p1-114.el6_7 will be installed
--->  Package openssh-server.x86_64 0:5.3p1-114.el6_7 will be installed
.  
.  
.  
Installed:
  openssh-clients.x86_64 0:5.3p1-114.el6_7      openssh-server.x86_64 0:5.3p1-114.el6_7     

Complete!

Now the installation of OpenSSH is completed.

To Configure OpenSSH

Before changing the configuration, take a backup of the file.

Run the following command to take a copy of the original sshd configuration file.

[root@linuxhelp ~]# cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup_copy

To Connect OpenSSH

Try to connect to the OpenSSH server from your local host with the OpenSSH client, or run a port scan with nmap, to verify whether the OpenSSH server is working.

Here we use the netcat (nc) command to verify.

[root@linuxhelp ~]# nc -v -z 127.0.0.1 22
Connection to 127.0.0.1 22 port [tcp/ssh] succeeded!

Now open the sshd_config file in a text editor, change the Port directive to 14, and restart the OpenSSH server.

[root@linuxhelp ~]# vim /etc/ssh/sshd_config

Change the default port number from 22 to 14.

Save and exit from the file.

[root@linuxhelp ~]# service sshd restart

Now verify the port using the nc command.

[root@linuxhelp ~]# nc -v -z 127.0.0.1 14
Connection to 127.0.0.1 14 port [tcp/*] succeeded!

To display a login banner, put the banner text in the /etc/issue.net file and add the following line to the sshd configuration file.

[root@linuxhelp ~]# vim /etc/ssh/sshd_config

(Add the line below at the end of the configuration file.)

Banner /etc/issue.net

Save and exit from the file.
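
The configuration steps above (backup, Port change, Banner line) as one script, added here as an example that is not part of the original tutorial. set_directive is a hypothetical helper and the sample file is constructed; the helper rewrites the stock "#Port 22" style default in place and puts a missing directive ahead of the first Match block, because a line appended after a Match block applies only to connections that match it.

```shell
#!/bin/sh
# set_directive FILE KEYWORD VALUE  (hypothetical helper, not part of OpenSSH)
# Rewrites the first global occurrence of KEYWORD, active or "#Keyword" default,
# drops later global duplicates, and leaves Match blocks untouched. A missing
# keyword is inserted before the first Match line, or appended if there is none.
set_directive() {
    tmp=$(mktemp) || return 1
    awk -v key="$2" -v val="$3" '
        BEGIN { k = tolower(key) }
        { line = $0; sub(/^[ \t]*#?/, "", line); split(line, f, /[ \t]+/) }
        !in_match && tolower($1) == "match" {      # global section ends here
            if (!done) { print key " " val; done = 1 }
            in_match = 1
        }
        !in_match && tolower(f[1]) == k {          # active line or #Keyword default
            if (!done) { print key " " val; done = 1 }
            next
        }
        { print }
        END { if (!done) print key " " val }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"           # cat keeps owner and mode of FILE
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Constructed sample resembling a stock sshd_config (not a real host's file).
cfg=$(mktemp)
cat > "$cfg" <<'EOF'
# This is the sshd server system-wide configuration file.
#Port 22
#AddressFamily any
#Banner none
Subsystem sftp /usr/libexec/openssh/sftp-server
Match User backup
    Banner none
EOF

cp "$cfg" "$cfg.backup_copy"                 # same backup step as the tutorial
set_directive "$cfg" Port 14
set_directive "$cfg" Banner /etc/issue.net
diff "$cfg.backup_copy" "$cfg" || true       # review exactly what changed
# On the real host, as root, check the syntax before restarting:
#   sshd -t -f /etc/ssh/sshd_config && service sshd restart
```

Keep the current SSH session open until a second login on the new port succeeds, so a bad edit does not lock you out.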

FAQ
Q
How can I stop my SSH session from timing out after it's been inactive for a while?
A
This problem is actually not usually due to SSH, but rather to an intervening network device, often a NAT gateway or firewall. These devices keep track of TCP flows and time them out after a period of inactivity, for reasons of security or resource consumption. OpenSSH does not have an idle-timeout feature. SSH1, Tectia, and VShell do, but the feature is off by default.

When searching for solutions to this problem, people are often first attracted to the TCP "KeepAlive" feature found in most SSH servers. This is understandable given the name, but this feature is actually not an appropriate (or effective) way to deal with the problem. It is not a feature of SSH per se, but rather a feature of TCP which SSH will enable if desired. Its real purpose is not to keep a connection "alive" in the sense we mean it now (which was not a concern when the feature was conceived), but rather to detect half-dead connections and prevent them from building up over time, usually on the server side. The behavior and timing of the probe messages used for TCP keepalive are not effective for solving the modern problem. Instead, you can use the OpenSSH ClientAliveInterval or ServerAliveInterval features. These send periodic probe messages through the SSH protocol itself, at an interval you can adjust to avoid the problem timeout.

Of course, a low tech solution, at least for interactive sessions, is to just arrange for some text to be sent every once in a while — e.g., having Emacs display the time, so it changes once per minute.
Q
What is the difference between version 1 and version 2 of the "SSH" protocol?
A
See the following link for information about the difference between version 1 and version 2 of the "SSH" protocol: "http://www.snailbook.com/faq/ssh-1-vs-2.auto.html".
Q
How to install "OpenSSH server" on Ubuntu?
A
You can use the following command to install "OpenSSH server" on Ubuntu: "apt-get install openssh-server openssh-client".
Q
How can I change the port number for "OpenSSH server" in Linux?
A
Yes, you can change the port number for "OpenSSH-server" in Linux.
1. Open the configuration file of "OpenSSH-server", "/etc/ssh/sshd_config".
2. Find the "Port" directive in the configuration file.
3. There you can set the customized port number for OpenSSH-server. For example: "Port 22" to "Port 111".
4. After making the changes, you need to restart the "ssh" service.
Q
How to find the port number on which the "SSH" service is currently listening by using the "netstat" command in Linux?
A
You can use the following syntax to find the port number on which the "SSH" service is currently listening by using the "netstat" command in Linux: "netstat -tlpn | grep ssh".