SSH is a secure network protocol that enables remote access and management of Linux servers. It’s popular because it offers strong encryption and authentication features, preventing data interception and unauthorized access. System administrators and developers commonly use SSH to manage remote servers and execute commands securely.
SSH’s security features include data encryption, public-key authentication, and secure tunneling. It uses powerful encryption algorithms like AES and Blowfish to secure data transmission and supports public-key authentication, which is more secure than traditional password-based authentication. SSH also provides secure tunneling, enabling secure communication between two systems over an untrusted network.
This guide shows you how to install and enable SSH on Fedora Linux using the command line terminal. By following the steps below, you can quickly set up SSH on your Fedora Linux system and start securely managing remote servers.
Step 1: Update Fedora
Ensuring your system packages are up-to-date before installing, enabling, and configuring SSH on Fedora is important to avoid potential conflicts. You can do this by executing the following command:
sudo dnf upgrade --refresh
Step 2: Checking for OpenSSH Server
The first step is to check whether the OpenSSH server is installed on your Fedora system. To do so, execute the following command in the terminal:
rpm -qa | grep openssh-server
If the OpenSSH server is installed, this command prints the name and version of the installed package. If it prints nothing, use the dnf command to install the OpenSSH server:
sudo dnf install openssh-server
Step 3: Enabling and Starting the SSHD Service
After installing the OpenSSH server, the next step is to enable the systemd service SSHD to ensure that the SSH daemon starts automatically after each reboot. Execute the following command in the terminal:
sudo systemctl enable sshd
Once the SSHD service is enabled, use the systemctl command to start the SSH server:
sudo systemctl start sshd
To check the status of the SSH server, use the following command:
sudo systemctl status sshd
To confirm that the server is listening for incoming connections on port 22, list the listening TCP sockets (the port appears under its service name, ssh):
sudo ss -lt
Step 4: Using SSH to Connect to a Remote Server
Now that you have installed and enabled SSH on your Fedora Linux system, you can connect to a remote server. Here are some examples of how to use SSH to connect to a remote server:
Connecting to a Remote Server with Password Authentication:
To connect to a remote server using SSH with password authentication, use the following command:
ssh username@remote_server
Replace “username” with your username and “remote_server” with the IP address or hostname of the remote server. You will be prompted to enter your password to authenticate.
Connecting to a Remote Server with Public Key Authentication:
To connect to a remote server using SSH with public key authentication, use the following command:
ssh -i /path/to/private_key username@remote_server
Replace “/path/to/private_key” with the path to your private key file, “username” with your username, and “remote_server” with the IP address or hostname of the remote server. You will not be prompted to enter a password; the authentication is based on the private key. If the private key is protected by a passphrase, ssh asks for that passphrase instead.
Specifying a Different Port:
By default, SSH uses port 22 to connect to a remote server. If the remote server is listening on a different port, you can specify it using the “-p” option. For example:
ssh -p 2222 username@remote_server
Replace “2222” with the port number on which the remote server is listening.
Transferring Files with SCP:
SCP (Secure Copy) is a command-line tool that allows you to transfer files between systems using SSH securely. To transfer a file from your local system to a remote server, use the following command:
scp /path/to/local/file username@remote_server:/path/to/remote/directory
Replace “/path/to/local/file” with the path to the file you want to transfer, “username” with your username, “remote_server” with the IP address or hostname of the remote server, and “/path/to/remote/directory” with the path to the directory on the remote server where you want to transfer the file.
Step 5: Configuring SSH Examples
To improve security and performance, you can add some of the following settings to the SSH server configuration file (/etc/ssh/sshd_config). They are examples only and may not suit every server or desktop setup; choose the ones that fit yours. Changes take effect after the sshd service is restarted.
Disable GSSAPI Authentication:
GSSAPI authentication can cause delays in SSH connection establishment. To disable it, add the following line to the SSH configuration file:
GSSAPIAuthentication no
Adjust SSH Session Timeouts:
To adjust the SSH session timeouts, add the following lines to the SSH configuration file:
ClientAliveInterval 300
ClientAliveCountMax 2
These settings will cause the SSH server to send a message to the client every 5 minutes to keep the session alive and terminate the session if no response is received after two messages.
Disable Root Login:
Disabling root login is a common security measure that can protect against brute-force attacks. To disable it, add the following line to the SSH configuration file:
PermitRootLogin no
Use Public Key Authentication:
Public key authentication is a more secure method of authentication than password-based authentication. To use public key authentication, generate a new SSH key pair using the following command:
ssh-keygen -t rsa -b 4096
Then, copy the public key to the remote server using the following command:
ssh-copy-id user@remote_server
Replace “user” with your username and “remote_server” with the IP address or hostname of the remote server. Finally, edit the SSH configuration file to enable public key authentication:
PubkeyAuthentication yes
Restrict SSH Access to Specific Users or Groups:
To restrict SSH access to specific users or groups, add the following lines to the SSH configuration file:
AllowUsers user1 user2
AllowGroups group1 group2
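Replace “user1 user2” with the usernames that should be allowed to log in and “group1 group2” with the groups whose members should be allowed to log in. When both directives are set, a user must match AllowUsers and also belong to one of the AllowGroups groups.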
Changing the Port of SSH:
By default, SSH uses port 22 to listen for incoming connections. This is a well-known port often targeted by attackers, and changing the port can help protect against unauthorized access. To change the port of SSH, add the following line to the SSH configuration file:
Port <port_number>
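Replace “<port_number>” with a different port number. It is recommended to choose a port number between 1024 and 65535 that another service does not use. On Fedora, SELinux and the firewall must also allow the new port; otherwise sshd cannot bind to it or incoming connections are blocked.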
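The settings in Step 5 only work if sshd actually reads them. The following script is an added example, not part of the original guide: it audits an sshd_config-style file against the values used above and shows the most common pitfall, a line appended after an earlier occurrence of the same keyword. The function names and the sample file are hypothetical and constructed for illustration.

```shell
# sshd uses the FIRST occurrence of each keyword, so a line appended at the end
# of the file has no effect when the same keyword already appears earlier.
# effective_value FILE KEYWORD: print the value sshd would take from FILE.
# Global section only: stops at the first Match block, does not follow Include.
effective_value() {
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*(#.*)?$/ { next }                   # skip comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            key = line; sub(/[ \t=].*$/, "", key)   # keyword ends at blank or "="
            val = substr(line, length(key) + 1)
            sub(/^[ \t]*=?[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (tolower(key) == "match") exit
            if (tolower(key) == want) { print val; exit }
        }' "$1"
}

# audit_sshd_config FILE: report each setting from this guide; the return
# status is the number of settings that differ or are missing.
audit_sshd_config() {
    bad=0
    while read -r key expected; do
        actual=$(effective_value "$1" "$key")
        if [ "$(printf %s "$actual" | tr 'A-Z' 'a-z')" = "$expected" ]; then
            echo "ok    $key = $actual"
        else
            echo "WARN  $key is '${actual:-unset}', guide uses '$expected'"
            bad=$((bad + 1))
        fi
    done <<EOF
permitrootlogin no
pubkeyauthentication yes
gssapiauthentication no
clientaliveinterval 300
clientalivecountmax 2
EOF
    return "$bad"
}
# Constructed sample: "PermitRootLogin no" was appended after an earlier "yes".
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
PermitRootLogin yes
PubkeyAuthentication yes
GSSAPIAuthentication=no
ClientAliveInterval 300
PermitRootLogin no
EOF
audit_sshd_config "$SAMPLE" || echo "settings to fix: $?"
rm -f "$SAMPLE"
```

Because the script does not follow Include lines, check the real server with `sudo sshd -t` (syntax check) and `sudo sshd -T` (prints the values the daemon actually uses) before restarting sshd.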
Step 6: Strengthening SSH Security with Firewalld on Fedora
When managing a VPS or any remote server setup using Fedora, maintaining consistent access is paramount. Before tweaking any settings in Firewalld, especially when connecting to the system from afar, it’s vital to allow your IP address. Neglecting this step could unintentionally block your access to the server once the firewall modifications are in place.
To permit your IP address in Firewalld, execute the command below:
sudo firewall-cmd --permanent --add-source=<your_ip_address>
Substitute <your_ip_address> with the actual IP address you’re using.
With your IP address now allowed, you can confidently integrate the SSH service into Firewalld:
sudo firewall-cmd --add-service=ssh --permanent
Upon finalizing the changes, activate the updated Firewalld settings:
sudo firewall-cmd --reload
To confirm that the SSH service is appropriately allowed in Firewalld, execute:
sudo firewall-cmd --list-services | grep ssh
The output lists ssh when the service is allowed in the firewall’s default zone, which confirms that remote SSH sessions can reach the server.
Conclusion
SSH is a critical tool for remote access and management of Linux servers, and it must be installed and configured properly to be secure and perform well. By following the steps outlined in this guide, you can install and enable SSH on your Fedora Linux system and adjust its configuration to suit your setup.