How To Install SSH on Rocky Linux 9
Secure Shell (SSH) is an essential tool for system administrators and developers working with remote servers. It provides a secure method of accessing and managing systems over unsecured networks. Rocky Linux 9, a robust and community-driven enterprise Linux distribution, offers excellent support for SSH. This comprehensive guide will walk you through the process of installing SSH on Rocky Linux 9, configuring it for optimal performance and security, and troubleshooting common issues.
Whether you’re a seasoned Linux professional or just starting your journey with Rocky Linux 9, this article will equip you with the knowledge and skills to set up SSH effectively. We’ll cover everything from the basics of SSH to advanced configuration options, ensuring you have a solid foundation for secure remote access to your Rocky Linux 9 systems.
Understanding SSH
Before diving into the installation process, it’s crucial to understand what SSH is and why it’s so important in the world of system administration and network security.
What is SSH?
SSH, or Secure Shell, is a cryptographic network protocol that enables secure communication between two networked devices. It was designed as a replacement for less secure protocols like Telnet, providing encrypted data transmission over unsecured networks.
Benefits of using SSH
SSH offers several advantages over other remote access protocols:
- Strong encryption: All data transmitted via SSH is encrypted, protecting sensitive information from interception.
- Authentication: SSH uses various methods to verify the identity of users and hosts, preventing unauthorized access.
- Integrity: SSH ensures that data hasn’t been tampered with during transmission.
- Versatility: Beyond remote login, SSH supports tunneling, port forwarding, and secure file transfers.
SSH vs. other remote access protocols
Compared to older protocols like Telnet or rlogin, SSH provides superior security. While Telnet transmits data in plain text, SSH encrypts everything, making it significantly more difficult for malicious actors to intercept sensitive information. This makes SSH the preferred choice for remote system administration and secure file transfers.
Preparing for SSH Installation
Before installing SSH on your Rocky Linux 9 system, it’s important to ensure your system meets the requirements and is up to date.
System requirements
Rocky Linux 9 is compatible with most modern hardware. For SSH installation, you’ll need:
- A system running Rocky Linux 9
- Root or sudo access to the system
- An active internet connection for package downloads
Checking for existing SSH installation
Rocky Linux 9 might come with SSH pre-installed. To check if SSH is already present on your system, run the following command:
ssh -V
If SSH is installed, this command will display the version information. If you see a “command not found” error, you’ll need to proceed with the installation.
Updating Rocky Linux 9
Before installing new packages, it’s always a good practice to update your system. Run the following commands to update Rocky Linux 9:
sudo dnf check-update
sudo dnf upgrade
These commands will check for available updates and then upgrade all installed packages to their latest versions.
Installing SSH on Rocky Linux 9
Now that your system is prepared, let’s proceed with the SSH installation process.
Using DNF package manager
Rocky Linux 9 uses the DNF (Dandified Yum) package manager. We’ll use DNF to install the OpenSSH packages.
Installing OpenSSH server
To install the OpenSSH server, which allows your Rocky Linux 9 system to accept SSH connections, run the following command:
sudo dnf install openssh-server
DNF will calculate dependencies and prompt you to confirm the installation. Type ‘y’ and press Enter to proceed.
Installing OpenSSH client (if needed)
If you also need to connect to other SSH servers from your Rocky Linux 9 system, you should install the OpenSSH client:
sudo dnf install openssh-clients
In most cases, the OpenSSH client is already installed by default on Rocky Linux 9.
Configuring SSH
After installation, it’s important to configure SSH for optimal security and performance.
Locating the SSH configuration file
The main SSH configuration file is located at /etc/ssh/sshd_config. To edit this file, use a text editor with root privileges:
sudo nano /etc/ssh/sshd_config
Essential configuration options
Here are some key configuration options you might want to modify:
- Port: Change the default SSH port (22) to a non-standard port for improved security.
- PermitRootLogin: Set to ‘no’ to disable direct root login via SSH.
- PasswordAuthentication: Set to ‘no’ if you plan to use key-based authentication only.
- X11Forwarding: Enable or disable X11 forwarding based on your needs.
Security best practices
To enhance SSH security:
- Use strong, unique passwords for all accounts.
- Implement key-based authentication instead of password authentication.
- Limit SSH access to specific IP addresses or ranges if possible.
- Keep your system and SSH software up to date.
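An added example, not part of the original guide: a small audit of the four options listed above that also shows how sshd resolves duplicate keywords (the first value wins). The function names `effective_value` and `audit_sshd_config` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit one sshd_config-style file for the options above.

# effective_value FILE KEYWORD -> value sshd would take from this file alone.
# sshd keeps the FIRST value it reads; keywords are case-insensitive;
# "Keyword=value" is accepted; lines after "Match" are conditional, so
# parsing stops there. Include'd files are not followed.
effective_value() {
    awk -v want="$(printf '%s' "$2" | tr 'A-Z' 'a-z')" '
        { sub(/^[ \t]+/, ""); sub(/[ \t]*=[ \t]*/, " ") }
        /^#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == want { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE -> one finding per line; returns 1 on any FAIL.
# PermitRootLogin and PasswordAuthentication should be "no" (the latter
# assumes key-based login already works). Port and X11Forwarding are site
# decisions, so they are only reported.
audit_sshd_config() {
    rc=0
    for kw in PermitRootLogin PasswordAuthentication; do
        val=$(effective_value "$1" "$kw")
        if [ "$val" = "no" ]; then
            echo "PASS $kw=$val"
        else
            echo "FAIL $kw=${val:-unset} (want no)"
            rc=1
        fi
    done
    for kw in Port X11Forwarding; do
        val=$(effective_value "$1" "$kw")
        echo "INFO $kw=${val:-unset}"
    done
    return "$rc"
}

# Constructed sample, not from a real host. The first PermitRootLogin wins.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# Port 22
Port 2222
permitrootlogin no
PermitRootLogin yes
PasswordAuthentication=yes
Match User backup
    X11Forwarding yes
EOF
audit_sshd_config "$sample" || echo "hardening gaps found"
```

On a live host, `sudo sshd -t` checks the file for syntax errors before a restart and `sudo sshd -T` prints the effective settings with Include'd files applied. With SELinux enforcing, a non-default Port also has to be allowed with `semanage port -a -t ssh_port_t -p tcp <port>` in addition to the firewall rule.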
Starting and Enabling SSH Service
After installation and configuration, you need to start the SSH service and enable it to start automatically on system boot.
Starting the SSH service
To start the SSH service immediately, use the following command:
sudo systemctl start sshd
Enabling SSH to start on boot
To ensure that the SSH service starts automatically when your system boots, run:
sudo systemctl enable sshd
Checking SSH service status
To verify that the SSH service is running and properly configured, use:
sudo systemctl status sshd
This command will display the current status of the SSH service, including whether it’s active and enabled.
Connecting to SSH
Now that SSH is installed and running on your Rocky Linux 9 system, let’s look at how to connect to it from various clients.
Using SSH from a Linux/macOS client
On Linux or macOS systems, you can use the built-in SSH client. Open a terminal and use the following command:
ssh username@your_server_ip
Replace ‘username’ with your actual username on the Rocky Linux 9 system, and ‘your_server_ip’ with the IP address or hostname of your server.
Using SSH from a Windows client
For Windows users, there are several options:
- Use the built-in OpenSSH client (available in recent Windows 10 and 11 versions)
- Use PuTTY, a popular SSH client for Windows
- Use Windows Subsystem for Linux (WSL) and connect as you would from a Linux system
Common SSH commands
Here are some useful SSH commands:
- ssh-keygen: Generate SSH key pairs
- ssh-copy-id: Copy your public key to a remote server
- scp: Securely copy files between local and remote systems
- sftp: Secure file transfer protocol for interactive file transfers
Troubleshooting SSH Installation and Connection
Even with careful installation and configuration, you might encounter issues. Here are some common problems and their solutions.
Common installation issues
- Package conflicts: Ensure all system packages are up to date before installing SSH.
- Insufficient disk space: Free up disk space or expand your storage if needed.
- Repository issues: Check your internet connection and DNF repository configuration.
Connection problems
- Connection refused: Ensure the SSH service is running and the port is correct.
- Authentication failures: Verify your username and password, or check your SSH key configuration.
- Slow connections: This could be due to network issues or DNS resolution problems.
Firewall configuration
If you’re having trouble connecting, your firewall might be blocking SSH traffic. To allow SSH through the firewall:
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
Advanced SSH Topics
Once you’re comfortable with basic SSH usage, consider exploring these advanced topics:
SSH key-based authentication
Key-based authentication is more secure than password authentication. To set it up:
- Generate an SSH key pair on your client machine
- Copy the public key to the server
- Configure SSH to prefer key-based authentication
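What the second step leaves behind on the server, as an added example that is not from the original guide: the public key is appended to authorized_keys with permissions that sshd's StrictModes check accepts. The function names `install_pubkey` and `key_paths_ok`, the temporary home directory, and the placeholder key are constructed for illustration.

```shell
#!/bin/sh
# Added example: server-side half of "copy the public key to the server",
# done by hand on a throwaway directory.

# install_pubkey HOME_DIR "PUBLIC KEY LINE"
# Creates HOME_DIR/.ssh (0700) and authorized_keys (0600), then appends the
# key only if that exact line is not already present.
install_pubkey() {
    dir="$1/.ssh"
    ( umask 077; mkdir -p "$dir"; touch "$dir/authorized_keys" )
    chmod 700 "$dir"
    chmod 600 "$dir/authorized_keys"
    grep -qxF -- "$2" "$dir/authorized_keys" ||
        printf '%s\n' "$2" >> "$dir/authorized_keys"
}

# key_paths_ok HOME_DIR -> 0 when neither .ssh nor authorized_keys is
# writable by group or others. With StrictModes on, sshd ignores the key
# file otherwise and the login falls back to other methods or fails.
key_paths_ok() {
    for p in "$1/.ssh" "$1/.ssh/authorized_keys"; do
        loose=$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)
        [ -z "$loose" ] || { echo "too open: $p"; return 1; }
    done
}

demo_home=$(mktemp -d)
# Constructed placeholder, not a usable key. In practice this is the single
# line from the .pub file that ssh-keygen wrote on the client.
demo_key='ssh-ed25519 AAAA-constructed-placeholder user@client'
install_pubkey "$demo_home" "$demo_key"
install_pubkey "$demo_home" "$demo_key"   # second run adds nothing
key_paths_ok "$demo_home" && echo "key paths ok"
```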
SSH tunneling
SSH tunneling allows you to securely forward ports between local and remote systems. This is useful for accessing services that aren’t directly exposed to the internet.
SSH config file
The SSH config file (~/.ssh/config) allows you to define aliases and default settings for different SSH connections, simplifying complex connection strings.
Best Practices for SSH Security
To maintain a secure SSH environment, consider implementing these best practices:
Changing default port
Changing the default SSH port (22) to a non-standard port can help reduce automated attacks. Remember to update your firewall rules accordingly.
Disabling root login
Prevent direct root login via SSH by setting PermitRootLogin no in your SSH configuration file. Instead, use a regular user account and sudo for administrative tasks.
Implementing fail2ban
Fail2ban is an intrusion prevention tool that can help protect your SSH server from brute-force attacks. It works by temporarily banning IP addresses that show malicious signs, such as multiple failed login attempts.
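How this kind of detection works, as an added example rather than fail2ban's own code: count failed password attempts per source address in sshd log lines and flag the addresses at or above a threshold. The function name `flag_bruteforce`, the threshold, and the log lines (documentation address ranges) are constructed; the time window and ban expiry that fail2ban applies are left out.

```shell
#!/bin/sh
# Added example: per-address count of failed SSH password attempts.
# Simplification: no time window and no unbanning.

# flag_bruteforce LOGFILE THRESHOLD -> "ADDRESS COUNT" for each source with
# at least THRESHOLD failures, busiest first.
# The user name in the message is client-supplied text, so the address is
# read from the fixed tail of the line ("from ADDR port N ssh2") instead of
# from the first "from" that appears.
flag_bruteforce() {
    awk -v min="$2" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            fails[$(NF-3)]++
        }
        END { for (ip in fails) if (fails[ip] >= min) print ip, fails[ip] }
    ' "$1" | sort -k2,2nr -k1,1
}

# Constructed log lines, not from a real host. The third line carries a user
# name that itself contains "from <address>"; only the tail is trusted.
sample_log=$(mktemp)
cat > "$sample_log" <<'EOF'
Mar  3 09:14:01 rocky9 sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Mar  3 09:14:03 rocky9 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40112 ssh2
Mar  3 09:14:06 rocky9 sshd[2104]: Failed password for invalid user x from 192.0.2.9 from 203.0.113.5 port 40120 ssh2
Mar  3 09:15:10 rocky9 sshd[2110]: Failed password for alice from 198.51.100.7 port 50022 ssh2
Mar  3 09:15:20 rocky9 sshd[2110]: Accepted password for alice from 198.51.100.7 port 50022 ssh2
EOF
flag_bruteforce "$sample_log" 3
```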
Congratulations! You have successfully installed SSH. Thanks for using this tutorial for installing OpenSSH on your Rocky Linux 9 system. For additional help or useful information, we recommend you check the official SSH website.