How to Install SSH on Fedora 39, 38 Linux

Secure Shell (SSH) is an essential tool for secure remote access and administration of servers and computers. This guide will demonstrate how to install SSH on Fedora Linux, allowing you to manage your system from anywhere securely. SSH provides a secure remote server management channel and supports a range of functionalities that enhance both security and convenience.

Key Features of SSH:

  • Secure Remote Access: Enables encrypted connections to remote servers, ensuring data privacy and integrity.
  • Authentication Flexibility: Supports password-based and key-based authentication methods.
  • Data Encryption: Utilizes strong encryption algorithms to safeguard data transmitted over the network.
  • Port Forwarding: Allows secure tunneling of network services through encrypted channels.
  • File Transfer Capability: Facilitates secure file transfers using SCP and SFTP protocols.
  • Interoperability: Compatible with a wide range of operating systems and devices.

Understanding SSH and its setup on Fedora Linux is not just about enhancing security; it’s about empowering you with the tools to manage your digital environment effectively and safely. Let’s delve into setting up SSH, ensuring your Fedora Linux system is accessible and secure.

Install SSH on Fedora Linux via DNF

Step 1: Update Fedora Packages Before SSH Installation

To maintain system compatibility and prevent conflicts, updating your Fedora system packages before installing SSH is crucial. This ensures that all your system components are up to date.

Run the following command in the terminal to update your packages:

sudo dnf upgrade --refresh

This command refreshes the repository metadata and upgrades the packages, ensuring your system is current.

Step 2: Install SSH on Fedora via DNF Command

Before proceeding with the installation, checking if the OpenSSH server is already on your Fedora system is good practice. Use this command to search for the OpenSSH server package:

rpm -qa | grep openssh-server

If this command returns a result, the OpenSSH server is already installed. If there’s no output, you need to install it.

Use this command to install the OpenSSH server:

sudo dnf install openssh-server

Step 3: Enabling and Starting the SSHD Service

Once the OpenSSH server is installed, your next step is to enable the SSHD service. This action ensures that the SSH daemon automatically starts with each system boot, offering consistent remote access.

Enable SSHD using this command:

sudo systemctl enable sshd

After enabling, start the SSH server with:

sudo systemctl start sshd

To verify that the SSH server is running correctly, you can check its status:

systemctl status sshd
Terminal output confirming SSH service activation on Fedora Linux
Terminal Screenshot Showing SSH Service Enabled on Fedora

Using SSH to Connect to a Remote Server on Fedora Linux

Connecting to a Remote Server with Password Authentication

After setting up SSH, you can initiate a connection to a remote server. For a password-based authentication, use the following syntax:

ssh username@remote_server

Replace username with your actual username and remote_server with the server’s IP address or hostname. Upon executing this command, you’ll be prompted to enter your password for authentication.

Connecting to a Remote Server with Public Key Authentication

For enhanced security, SSH also supports public key authentication. This method is more secure than password authentication as it uses cryptographic keys. Execute the command:

ssh -i /path/to/private_key username@remote_server

Here, replace /path/to/private_key with the path to your private key file, username with your username, and remote_server with the server’s IP address or hostname. This method bypasses the need for password entry, leveraging the private key for authentication.

Specifying a Different Port

SSH defaults to port 22 for connections. However, if the remote server listens on a different port, specify it using the -p option:

ssh -p 2222 username@remote_server

Change 2222 to the actual port number used by the remote server.

Transferring Files with SCP

SCP (Secure Copy Protocol) is a secure method for transferring files between systems via SSH. To copy a file from your local system to a remote server, use this command:

scp /path/to/local/file username@remote_server:/path/to/remote/directory

Adapt /path/to/local/file to the local file’s path, username to your username, remote_server to the server’s IP or hostname, and /path/to/remote/directory to the target directory on the remote server. This command securely copies the file to the specified directory on the remote server.

Configure SSH on Fedora Linux Examples

Disable GSSAPI Authentication

Consider disabling GSSAPI authentication for enhanced performance, as it can slow down SSH connection times. To do this, add the following line to your /etc/ssh/sshd_config file:

GSSAPIAuthentication no

This modification prevents GSSAPI authentication, which can reduce delays during SSH connection setup.

Adjust SSH Session Timeouts

To manage SSH session timeouts, add these lines to your SSH configuration file:

ClientAliveInterval 300
ClientAliveCountMax 2

This configuration sends a keep-alive message every 300 seconds (5 minutes) and terminates the session if no response is received after two messages. It helps in maintaining active sessions and closing inactive ones.

Disable Root Login

Disabling root login is a critical security practice to defend against brute-force attacks. Include this line in your SSH configuration:

PermitRootLogin no

This setting ensures that remote root login is disabled, significantly enhancing your system’s security.

Use Public Key Authentication

Public key authentication offers a more secure alternative to password-based methods. First, generate an SSH key pair:

ssh-keygen -t rsa -b 4096

Then, transfer your public key to the remote server:

ssh-copy-id user@remote_server

Replace user with your username and remote_server with the server’s IP or hostname. After copying the key, enable public key authentication in your SSH configuration:

PubkeyAuthentication yes

Restrict SSH Access to Specific Users or Groups

To limit SSH access to certain users or groups, add these lines to your SSH configuration file:

AllowUsers user1 user2
AllowGroups group1 group2

Replace user1 user2 with the allowed usernames and group1 group2 with the allowed group names. This restriction enhances security by limiting access.

Changing the Port of SSH

Changing the default SSH port (22) can reduce unauthorized access attempts. To change the SSH port, add this line to your SSH configuration file:

Port <port_number>

Replace <port_number> with your chosen port, ideally between 1024 and 65535, ensuring another service does not use it. This step adds an extra layer of security by obscuring the SSH port from automated attacks.

SSH Security with Firewalld on Fedora Linux

Allowing Your IP Address in Firewalld

Ensuring uninterrupted access is critical in a Fedora-based VPS or remote server environment. Before adjusting Firewalld settings, especially for remote system connections, allowing your IP address is essential. Overlooking this could result in losing access to the server after applying firewall changes.

To allow your specific IP address in Firewalld, run the following command:

sudo firewall-cmd --permanent --add-source=<your_ip_address>

Replace <your_ip_address> with the actual IP address you are currently using. This step is crucial to maintain your access uninterrupted.

Integrating SSH Service into Firewalld

Once your IP address is safely allowed, add the SSH service to Firewalld. This action ensures that SSH connections are permitted through the firewall. Use this command:

sudo firewall-cmd --add-service=ssh --permanent

This command adds SSH to the list of services Firewalld will allow through the firewall.

Activating Updated Firewalld Settings

After making the necessary changes, apply them by reloading Firewalld:

sudo firewall-cmd --reload

Reloading Firewalld activates the new settings without interrupting the current network connectivity.

Verifying SSH Service in Firewalld

To ensure that SSH is correctly configured and allowed in Firewalld, execute:

sudo firewall-cmd --list-services | grep ssh

This command checks the list of services Firewalld allows and confirms SSH’s presence, verifying that your remote SSH sessions are secure and accessible.


In this guide, we’ve walked through the essential steps to install SSH on Fedora Linux. These procedures are fundamental for anyone managing Linux servers remotely, from installing SSH to configuring key security settings with Firewalld. Remember, regular updates and consistent monitoring of your SSH configurations are crucial to maintaining robust security.

Leave a Comment

Your Mastodon Instance
Share to...