How to Set Up SSH for Secure Remote Access on Rocky Linux

by

Setting up SSH for secure remote access on Rocky Linux is an essential skill for system administrators and developers alike. SSH (Secure Shell) enables encrypted communication between systems, ensuring data confidentiality and integrity during remote management. In this blog, we will cover everything you need to know – from installation to securing your SSH server for enhanced protection.

📹 Watch the Step-by-Step Process in This Video:

What is SSH and Why Is It Important?

Contents Collapse
What is SSH and Why Is It Important?
Step 1: Installing the SSH Server
Step 2: Connecting to the SSH Server
Step 3: Securing Your SSH Server
Step 4: Enable Key-Based Authentication
Step 5: Troubleshooting Common Issues
FAQs
Conclusion
See also:

SSH, or Secure Shell, is a cryptographic protocol that allows secure communication over an unsecured network. It is widely used for remote server access, file transfers, and executing commands securely.

By setting up SSH on your Rocky Linux system, you can:

  • Manage servers remotely.
  • Transfer files securely.
  • Enhance the overall security of your system.

Step 1: Installing the SSH Server

To begin using SSH, follow these steps to install and enable the SSH server on your Rocky Linux system.

  1. Update Your System
    Ensure your system is up-to-date: 
    sudo dnf update -y
  2. Install the OpenSSH Server Package
    Use the following command to install the SSH server: 
    sudo dnf install -y openssh-server
  3. Check the SSH Service Status
    Verify if the SSH service is running: 
    sudo systemctl status sshd

    If the service is inactive, proceed to start and enable it.

  4. Start and Enable the SSH Service
    Start the SSH service: 
    sudo systemctl start sshd

    Enable it to start automatically at boot:

    sudo systemctl enable sshd
  5. Open the SSH Port in the Firewall
    Allow SSH traffic through the firewall: 
    sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
  6. Test the Installation
    Verify the SSH server is operational by running a local test: 
    ssh localhost

    If successful, the SSH server is ready for remote connections.

Step 2: Connecting to the SSH Server

  1. Find Your Server’s IP Address
    Run this command to find the IP address of your server: 
    ip addr
  2. Connect Using SSH
    Use the ssh command to connect to the server from a client system: 
    ssh username@<IP-address>

    Replace username with your system’s username and <IP-address> with your server’s IP address.

  3. Verify the Connection
    Once you enter your password, you should be logged into the server.

Step 3: Securing Your SSH Server

For added security, modify the SSH configuration:

  1. Edit the SSH Configuration File
    Open the configuration file: 
    sudo vim /etc/ssh/sshd_config
  2. Change the Default Port
    Update the port to a non-standard number (e.g., 2222): 
    Port 2222
  3. Disable Root Login
    Prevent root login to enhance security: 
    PermitRootLogin no
  4. Allow Specific Users
    Limit access to specific users: 
    AllowUsers your_username
  5. Apply and Restart
    Save the file, validate it, and restart the SSH service: 
    sudo sshd -t
sudo systemctl restart sshd
  6. Update SELinux Settings
    If SELinux blocks the new port, allow it using: 
    sudo semanage port -a -t ssh_port_t -p tcp 2222
  7. Update the Firewall
    Open the new port in the firewall: 
    sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload

Step 4: Enable Key-Based Authentication

  1. Generate an SSH Key Pair
    On your client system, generate a key pair: 
    ssh-keygen -t rsa -b 4096
  2. Copy the Public Key to the Server
    Use the ssh-copy-id command to transfer the public key: 
    ssh-copy-id username@<IP-address>
  3. Disable Password Authentication
    For maximum security, disable password-based login: 
    sudo vim /etc/ssh/sshd_config
PasswordAuthentication no
  4. Restart SSH
    Apply the changes by restarting the SSH service: 
    sudo systemctl restart sshd

Step 5: Troubleshooting Common Issues

  1. Ensure the Firewall is Configured
    Verify the SSH port is open: 
    sudo firewall-cmd --list-all
  2. Validate Configuration Syntax
    Check for syntax errors in the SSH configuration file: 
    sudo sshd -t
  3. Check SELinux Logs
    If issues persist, review SELinux logs for any denials: 
    sudo ausearch -m avc -c sshd

FAQs

Q1: How do I find the IP address of my server?
Use the ip addr command to view the network details.

Q2: Can I use a different port for SSH?
Yes, update the port in /etc/ssh/sshd_config and restart the SSH service.

Q3: How do I connect to an SSH server from Windows?
Use tools like PuTTY or MobaXterm.

Q4: What if SELinux blocks my SSH port?
Allow the port using semanage as shown above.

Q5: Is it necessary to disable root login?
Yes, disabling root login significantly reduces security risks.

Conclusion

By following this guide, you have successfully set up SSH on your Rocky Linux system, secured it with best practices, and enabled key-based authentication for enhanced security.

📹 Watch the detailed video tutorial here: How to Set Up SSH for Secure Remote Access on Rocky Linux

Stay tuned for more tutorials, and don’t forget to share your feedback in the comments!

See also:

List of monitoring tools 

Linux Blogs

AWS Cloud Blogs

Database Blogs

DevOps Blogs

Interview Questions & Answers

Docker Blogs

Google Cloud Blogs





Related Posts



Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.