Master SSH: Install OpenSSH, Configure Clients & Servers, and Apply Best Practices

Introduction

SSH (Secure Shell) provides encrypted data transmission between a local host and a remote server, replacing insecure tools like telnet and ftp. OpenSSH is the free, open‑source implementation of the SSH protocol, offering secure, compressed, and authenticated remote sessions.

How SSH Works

SSH consists of a server daemon (sshd) and a client program. The client initiates a connection, the server verifies the request, exchanges keys, and establishes an encrypted session. Authentication can be password‑based or key‑based, with key authentication offering stronger security.

Installing OpenSSH Server

Check whether the packages openssh-server, openssh, openssh-clients, and openssh-askpass are installed; if not, install them using: yum install openssh-askpass -y After installation, the sshd daemon runs on port 22, awaiting client connections.

Client Configuration

The client configuration file is /etc/ssh/ssh_config. Example commands include generating a key pair and copying files: rm -rf .ssh/id_rsa* Use scp to copy files securely, e.g., copy /etc/fstab to the remote /tmp directory.

Secure File Transfer (sftp)

sftp

provides encrypted file transfer similar to FTP, allowing you to retrieve resources from a remote host.

Server Configuration

Key server settings are adjusted in the sshd_config file (not shown). The article includes several illustrative screenshots of configuration steps.

SSH Best Practices

Do not use the default port.

Disable protocol version 1.

Restrict allowed login users.

Set idle session timeout.

Use firewall rules to limit SSH access.

Listen only on specific IP addresses.

Enforce strong passwords for password authentication (e.g., tr -dc A-Za-z0-9_ < /dev/urandom | head -c 30 | xargs).

Prefer key‑based authentication.

Disallow empty passwords.

Prohibit direct root login.

Limit connection frequency and concurrent sessions.

Maintain and regularly review logs (e.g., /var/log/secure).