AlmaLinux 9: How to Configure SSH Server and Use SSH Client

AlmaLinux 9: How to Configure SSH Server and Use SSH Client

October 4, 2024·İbrahim Korucuoğlu
İbrahim Korucuoğlu

Secure Shell (SSH) is an essential protocol for administrators and developers to securely manage remote servers. It provides encrypted communication between client and server, ensuring that data sent over the network is protected from eavesdropping. In AlmaLinux 9 , configuring an SSH server and using SSH clients allows you to connect, control, and manage your servers efficiently from a remote machine. This article will walk you through the process of setting up an SSH server on AlmaLinux 9 and how to use an SSH client for secure connections.


Table of Contents

    - Introduction to SSH
    • Why Use SSH in AlmaLinux?
    • Installing and Configuring SSH Server on AlmaLinux 9
    • Secure SSH Configuration: Best Practices
    • Using the SSH Client to Connect to a Remote Server
    • Transferring Files with SSH (SCP and SFTP)
    • Troubleshooting Common SSH Issues
    • Conclusion

    1. Introduction to SSH

    SSH (Secure Shell) is a cryptographic protocol designed for secure communication over a network. It provides several features:

      - ***Remote Command Execution*** : Execute commands on a remote system as if you're physically present.
      • Secure File Transfer : Transfer files between a local and a remote machine securely.
      • Tunneling : Forward data securely across an unsecured network.

      SSH is a replacement for older protocols like Telnet and rlogin , which do not encrypt traffic and are vulnerable to attacks.


      2. Why Use SSH in AlmaLinux?

      SSH is widely used because of its security and functionality. It offers:

        - ***Encrypted Connections*** : Prevents unauthorized access and protects sensitive data.
        • Remote Management : Allows administrators to manage servers without being physically present.
        • Flexibility : Supports tunneling, port forwarding, and file transfer protocols like SCP and SFTP.

        In AlmaLinux 9, OpenSSH is the default SSH implementation. It includes both the SSH server (sshd) and the client (ssh).


        3. Installing and Configuring SSH Server on AlmaLinux 9

        The first step in setting up remote access on AlmaLinux 9 is installing and configuring the OpenSSH Server .

        Step 1: Install OpenSSH

        By default, AlmaLinux 9 may have OpenSSH installed. To confirm or install it:

        sudo dnf install openssh-server

        Step 2: Enable and Start SSH Service

        After installation, enable the SSH service to ensure it starts on boot and is immediately active:

        sudo systemctl enable sshd
        sudo systemctl start sshd

        You can verify the status of the SSH service with:

        sudo systemctl status sshd

        If it’s running, you’re ready to accept SSH connections.

        Step 3: Configure the Firewall

        To allow SSH traffic through the firewall, open port 22 (the default SSH port):

        sudo firewall-cmd --permanent --add-service=ssh
        sudo firewall-cmd --reload

        If you intend to change the default port for added security (as explained below), you will need to open that port in the firewall.


        4. Secure SSH Configuration: Best Practices

        Security is a priority when configuring SSH. Several tweaks can improve the security of your SSH server, making it harder for attackers to compromise your system.

        Step 1: Disable Root Login

        By default, SSH allows root login, but this can be risky. Disabling root access ensures that users log in with non-privileged accounts before escalating privileges.

        Open the SSH configuration file:

        sudo nano /etc/ssh/sshd_config

        Locate the line:

        PermitRootLogin yes

        Change it to:

        PermitRootLogin no

        Step 2: Use SSH Key-Based Authentication

        Password authentication can be vulnerable to brute-force attacks. For stronger security, use SSH keys :

          - Generate a key pair on your client machine:
            ssh-keygen -t rsa -b 4096

          This will create a private key (id_rsa) and a public key (id_rsa.pub) in the ~/.ssh/ directory.

            - Copy the public key to the server:
              ssh-copy-id user@server_ip_address

            Alternatively, you can manually copy the contents of id_rsa.pub to the ~/.ssh/authorized_keys file on the server.

            Once key-based authentication is set up, disable password authentication in the /etc/ssh/sshd_config file:

            PasswordAuthentication no

            Restart the SSH service to apply changes:

            sudo systemctl restart sshd

            Step 3: Change the Default SSH Port

            Another security measure is to change the default SSH port (22) to something less predictable. Edit /etc/ssh/sshd_config:

            Port 2022

            Replace 2022 with any available port number. Don’t forget to update your firewall:

            sudo firewall-cmd --permanent --add-port=2022/tcp
            sudo firewall-cmd --reload

            Restart the SSH service after making the changes:

            sudo systemctl restart sshd

            5. Using the SSH Client to Connect to a Remote Server

            Once the SSH server is configured, you can connect to it using the SSH client from any Linux, macOS, or Windows machine (using tools like PuTTY on Windows).

            Step 1: Basic SSH Connection

            To connect to a remote server, use the following syntax:

            ssh user@server_ip_address

            For example, if the user is admin and the server’s IP is 192.168.1.10 , run:

            ssh admin@192.168.1.10

            If you changed the SSH port, specify the port using the -p option:

            ssh admin@192.168.1.10 -p 2022

            Step 2: Using SSH Keys

            If you’ve configured SSH key-based authentication, the SSH client will automatically use your private key (~/.ssh/id_rsa). If you have multiple keys, you can specify which key to use with the -i option:

            ssh -i /path/to/private_key user@server_ip_address

            6. Transferring Files with SSH (SCP and SFTP)

            SSH also supports secure file transfers using SCP (Secure Copy Protocol) and SFTP (Secure File Transfer Protocol).

            Step 1: Using SCP for File Transfers

            To copy files from a local machine to a remote server:

            scp /path/to/local/file user@server_ip_address:/path/to/remote/directory

            To copy files from a remote server to your local machine:

            scp user@server_ip_address:/path/to/remote/file /path/to/local/directory

            Step 2: Using SFTP for File Transfers

            SFTP is an interactive file transfer tool that works over SSH. To start an SFTP session, use:

            sftp user@server_ip_address

            Once connected, you can use standard file transfer commands like put, get, ls, cd, and exit.


            7. Troubleshooting Common SSH Issues

            If you encounter problems when using SSH, here are some common troubleshooting steps:

            1. ***SSH Connection Refused*** :
              - Ensure the SSH service is running: sudo systemctl status sshd.
              • Check if the firewall allows SSH traffic: sudo firewall-cmd –list-all.

              2. ***Permission Denied*** :
                - Verify that the correct user and key are being used.
                • Ensure the public key is properly configured in the server’s ~/.ssh/authorized_keys file.

                3. ***Slow Connection*** :
                  - This could be due to DNS resolution. Add the following line to /etc/ssh/sshd_config to skip DNS checks:
                  UseDNS no

                  8. Conclusion

                  SSH is a critical tool for managing remote servers securely. Configuring an SSH server in AlmaLinux 9 is straightforward, and once set up, it offers robust features like encrypted connections, remote command execution, and secure file transfers. By following best security practices—such as disabling root login, using key-based authentication, and changing the default SSH port—you can enhance the security of your remote connections.

                  Whether you’re managing a single server or an entire infrastructure, SSH is a fundamental tool that every administrator should master.

Last updated on