
Linux - How to Enable SSH

We’re going to show you how to enable an SSH server on Linux. This will give you easy remote access to the system from the terminal. Once set up, you will be able to log in with SSH and transfer files with SCP. SSH is the standard, secure way to connect to Linux and Unix systems.

We are going to cover Ubuntu, Debian, RHEL, CentOS, Fedora, and Arch.

Quick Basic Steps

Assuming you are running a somewhat recent version of Ubuntu ( or Debian ), these are the quick, basic steps to get you up and running with an SSH server:

sudo apt update
sudo apt install openssh-server
sudo systemctl enable ssh
sudo systemctl start ssh
sudo systemctl status ssh
ssh user1@my-server1

That’s it! You are all set. If you are using a different distro or want to understand the process better, keep reading. We also have instructions for further customization.

Install OpenSSH Server

For Ubuntu:

Update your repository info:

sudo apt update

Actually install the package:

sudo apt install openssh-server

For CentOS 8, RHEL 8, and Newer Fedora Versions:

dnf install openssh-server

For CentOS 6/7 or RHEL 6/7:

sudo yum -y install openssh-server openssh-clients

For Arch Linux:

pacman -S openssh

Enable OpenSSH Server

The server will probably be enabled and running once you install it. You can use these steps to enable it if you need to and to verify that it is up and running. This should be pretty close to the same thing for any distro so long as you are using systemd, except for the unit name: it is ssh on Ubuntu and Debian and sshd on RHEL, CentOS, Fedora, and Arch, so use sshd in the commands below on those systems. If you aren’t running systemd, this will be a bit different.

With Systemd ( RHEL 7/8 and Recent Ubuntu )

Make sure the ssh service is enabled and will start on boot:

sudo systemctl enable ssh

Start the server:

sudo systemctl start ssh

Check the status of the service:

sudo systemctl status ssh

Manually check that the process is running:

ps -ef | grep -i sshd

Verify that you can connect to the system with SSH. This is assuming that your username is “user1” and that the hostname is “my-server1”.

ssh user1@my-server1

Without Systemd ( RHEL 6 )

Enable it to start on boot:

chkconfig sshd on

Start it up:

service sshd start

Verify ( similar to above steps for systemd ):

ps -ef | grep -i sshd 
ssh user1@my-server1

Setup Firewall

For Ubuntu:

The firewall is disabled by default on Ubuntu, but you can enable it if you want to. It can be set up to allow access to SSH like this. Just be careful that you don’t disconnect yourself by accidentally blocking SSH. Allow SSH before you enable the firewall.

sudo ufw allow ssh
sudo ufw enable
sudo ufw status

For CentOS 8 or RHEL 8:

firewall-cmd --zone=public --permanent --add-service=ssh
firewall-cmd --reload

Disable Root Login Over SSH

It is a good idea to disable root login through SSH as a security measure. It is best practice to log in as an unprivileged user and then either change to the root user after you have connected or use sudo.

WARNING - Don’t lock yourself out. Before disabling root login over SSH you should make sure that you can change to the root user from your own account. This can be done either by using the root password or by using sudo. See the section on setting up sudo.

Use either vim or nano to edit your ssh config file:

sudo vim /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config

Make sure that you have a line like this and that it is uncommented:

PermitRootLogin no

Reload the service ( or just restart it ) so that the changes will be live:

systemctl reload sshd

Change What Port SSHD Runs On

Changing the port that SSH runs on can help to avoid potential attacks. People are constantly running automated scans looking for vulnerable ports. When they are looking for an SSH server to attack they will usually just scan for port 22 across all hosts in a range. Just by changing your port you can avoid being detected by these automated scans. It doesn’t make you invisible. It just makes it easier to stay under the radar. It reduces the chances that you will become a target.

Use either vim or nano to edit your ssh config file:

sudo vim /etc/ssh/sshd_config
sudo nano /etc/ssh/sshd_config

Find the line that specifies the port and uncomment it if needed. Update the port number to the number that you want.

Port 1234

Reload the service ( or just restart it ) so that the changes will be live:

systemctl reload sshd

When you log in using a non-standard port you will need to specify the number from your client.
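
The PermitRootLogin and Port edits described above both fail quietly when an older uncommented line is left in the file: sshd keeps the first PermitRootLogin value it reads and listens on every Port line. The script below is an added example, not part of the original page, that checks a config file for both; the function names and the sample file are constructed for illustration.

```sh
# Added example; function names and the sample file are constructed.

# Print every value given for keyword $2 in the global section of file $1.
# Assumes the "Keyword value" form and does not follow Include directives.
sshd_global_values() {
    awk -v kw="$2" '
        /^[ \t]*#/ || /^[ \t]*$/   { next }  # commented out or blank: no effect
        tolower($1) == "match"     { exit }  # a Match block ends the global section
        tolower($1) == tolower(kw) { print $2 }
    ' "$1"
}

# check_sshd FILE PORT: succeeds only if root login is off and sshd
# would listen on PORT alone. Prints one line per finding.
check_sshd() {
    rc=0
    # sshd keeps the first value it reads for PermitRootLogin.
    root=$(sshd_global_values "$1" PermitRootLogin | head -n 1)
    if [ "$root" != "no" ]; then
        echo "FAIL PermitRootLogin is '${root:-unset}', expected 'no'"
        rc=1
    fi
    # Port is cumulative: every uncommented Port line adds a listener.
    ports=$(sshd_global_values "$1" Port | sort -un | tr '\n' ' ')
    ports=${ports% }
    if [ "${ports:-22}" != "$2" ]; then
        echo "FAIL listening on port(s) ${ports:-22}, expected only $2"
        rc=1
    fi
    if [ -n "$(sshd_global_values "$1" Include)" ]; then
        echo "WARN Include present: included files are not checked here"
    fi
    return "$rc"
}

# Constructed sample: both edits were made, but an older Port line and an
# earlier PermitRootLogin line were left uncommented.
write_sample() {
    printf '%s\n' '#PermitRootLogin no' 'Port 22' \
        'PermitRootLogin prohibit-password' 'Port 1234' \
        'PermitRootLogin no' > "$1"
}

sample=$(mktemp)
write_sample "$sample"
check_sshd "$sample" 1234 || echo "sample config needs fixing"
rm -f "$sample"
```

Run check_sshd against /etc/ssh/sshd_config before reloading the service. sudo sshd -t checks the file for syntax errors, and sudo sshd -T prints the effective settings, including anything pulled in by Include.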

Sudo Access

Sudo can be used to run commands as root or as another user. There is a good chance that you already have this access. If not, we will show you how to enable it.

If you want to run a command as root you can just put the sudo command before the actual command that you want to run with root privileges:

sudo cat /etc/shadow

If you want to change user to root without sudo you would use the following command but you will need the root password:

su -

If you want to change user to root without the root password and you have sudo access you can run the following which will require your own password:

sudo su -

If you don’t have sudo access you will get an error running the sudo command. You will need to add yourself to the sudoers file. To do this you will need to edit the file using either vim or nano.

vim /etc/sudoers
nano /etc/sudoers

You can directly add yourself to this file by adding a line like this ( assuming your user name is “user1” ):

user1   ALL=(ALL:ALL) ALL

Alternatively you could specify a group in the sudoers file and just make sure that your user is added to that group. There is a good chance that a group like this is already defined:

%sudo   ALL=(ALL:ALL) ALL

If you see something like this already defined, you will just need to uncomment that group and make sure that your user is a member of the group.

You can add a user to the sudo group, for example, by adding a line like this to the /etc/group file. Edit this file using either nano or vim.

sudo:x:1000:steve,greg,user1,tom,user2

Disabling SSH

On a system with systemd it is easy to disable SSH. Just stop the service and then disable it so that it won’t start on boot.

sudo systemctl stop ssh
sudo systemctl disable ssh
