Configuring SSH Server and Utilizing SSH Client on AlmaLinux 9
**Securing Your SSH Server on AlmaLinux 9: A Comprehensive Guide**
Setting up and securing an SSH server on AlmaLinux 9 is essential for maintaining a robust and secure network. This guide outlines the steps to install, configure, and secure your SSH server, and provides examples for file transfers.
**1. Install and Enable SSH Server on AlmaLinux 9**
AlmaLinux 9 uses the OpenSSH daemon (`sshd`) for SSH service. To install and enable the SSH server, run the following commands:
```bash
sudo dnf install -y openssh-server
sudo systemctl enable sshd
sudo systemctl start sshd
sudo systemctl status sshd
```
**2. Secure SSH Server Configuration**
To enhance security, modify the SSH server configuration file `/etc/ssh/sshd_config`. Some recommended changes include:
- **Disable root login over SSH:**
  ```bash
  PermitRootLogin no
  ```
- **Use key-based authentication instead of passwords:**
  ```bash
  PasswordAuthentication no
  ```
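- **Limit SSH protocol to version 2 only:**
  ```bash
  Protocol 2
  ```
  The OpenSSH release shipped with AlmaLinux 9 speaks only protocol version 2 and ignores this directive, so the line is harmless but has no effect there.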
- **Restrict user logins to specific users (optional):**
  ```bash
  AllowUsers your-username
  ```
- **Change default SSH port (optional to reduce automated attacks):**
  ```bash
  Port 2222
  ```
After making edits, reload the SSH daemon:
```bash
sudo systemctl reload sshd
```
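To confirm that the settings above are the ones `sshd` actually applies, the following added example (not part of the original guide) checks the output of `sshd -T`, which prints the effective configuration, against the choices in this section. The function name `audit_sshd`, the two sample dumps, and the port and user values are assumptions made for illustration.

```bash
# Added example (not from the original guide): check effective sshd settings
# against the hardening choices in section 2.
# Input on stdin: output of `sshd -T` (one lower-case "keyword value" per line).
# Arguments (assumed values from this guide): expected port, required AllowUsers entry.
audit_sshd() {
    awk -v port="$1" -v user="$2" '
        function fail(msg) { print "FAIL " msg; bad++ }
        function show(v)   { return (v == "" ? "(unset)" : v) }
        { key = tolower($1) }
        key == "permitrootlogin"        { root = $2 }
        key == "passwordauthentication" { pw = $2 }
        key == "pubkeyauthentication"   { pk = $2 }
        key == "port"                   { ports[$2] = 1 }
        # AllowUsers entries may arrive on one line or one per line
        key == "allowusers"             { for (i = 2; i <= NF; i++) users[$i] = 1 }
        END {
            if (root != "no")     fail("permitrootlogin is " show(root) ", want no")
            if (pw != "no")       fail("passwordauthentication is " show(pw) ", want no")
            # With passwords off, key login must be on or nobody can log in
            if (pk != "yes")      fail("pubkeyauthentication is " show(pk) ", want yes")
            if (!(port in ports)) fail("sshd is not listening on port " port)
            # Exact-name match only; user@host patterns are not evaluated here
            if (!(user in users)) fail("allowusers does not list " user)
            if (!bad) print "OK all checked settings match"
            exit (bad > 0)
        }'
}

# Constructed sample: effective settings of an unhardened server (not real output).
SAMPLE_DEFAULT='port 22
permitrootlogin yes
passwordauthentication yes
pubkeyauthentication yes'

# Constructed sample: effective settings after applying section 2.
SAMPLE_HARDENED='port 2222
permitrootlogin no
passwordauthentication no
pubkeyauthentication yes
allowusers your-username'

printf '%s\n' "$SAMPLE_DEFAULT"  | audit_sshd 2222 your-username || true
printf '%s\n' "$SAMPLE_HARDENED" | audit_sshd 2222 your-username
```

On the server, run `sudo sshd -T | audit_sshd 2222 your-username` after editing the file. With SELinux enforcing, a non-default port must also be labelled for SSH (`sudo semanage port -a -t ssh_port_t -p tcp 2222`), otherwise `sshd` cannot bind to it.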
**3. Set Up SSH Key-Based Authentication**
On your local machine, generate an SSH key pair if not already done:
```bash
ssh-keygen -t rsa -b 4096 -C "you@example.com"
```
Copy the public key to the AlmaLinux server:
```bash
ssh-copy-id your-username@server-ip
```
Create an SSH config file on your client machine (`~/.ssh/config`) for convenience and enhanced security:
```bash
Host alma-server
    HostName server-ip
    User your-username
    IdentityFile ~/.ssh/id_rsa
    # Only needed if you changed the default port
    Port 2222
```
**4. Firewall and Additional Security**
Ensure your firewall allows the SSH port (default 22 or custom):
```bash
sudo firewall-cmd --permanent --add-port=22/tcp
sudo firewall-cmd --reload
```
Or if you changed the port:
```bash
sudo firewall-cmd --permanent --add-port=2222/tcp
sudo firewall-cmd --reload
```
Optionally, install `fail2ban` to block IPs with repeated failed login attempts.
**5. Secure File Transfer Methods**
**SCP** and **SFTP** are common methods to transfer files securely over SSH. To copy a file to the server using SCP, run:
```bash
scp -P 2222 /path/to/localfile your-username@server-ip:/remote/path/
```
For an interactive SFTP session, use:
```bash
sftp -P 2222 your-username@server-ip
```
**6. Example: SSH Login and File Transfer**
1. **Connect to AlmaLinux 9 SSH server with key:**
   ```bash
   ssh -i ~/.ssh/id_rsa -p 2222 your-username@server-ip
   ```
Or using the SSH config alias:
   ```bash
   ssh alma-server
   ```
2. **Copy a file to the server:**
   ```bash
   scp -P 2222 ~/Documents/example.txt your-username@server-ip:/home/your-username/
   ```
3. **Download a file from the server:**
   ```bash
   scp -P 2222 your-username@server-ip:/home/your-username/example.txt ~/Downloads/
   ```
By enforcing key-based authentication, disabling root login, using a non-standard port, and limiting allowed users, your AlmaLinux 9 SSH server will be much more secure. Use SCP or SFTP over this secured SSH connection for safe file transfers.
For even more advanced authentication, consider OpenSSH certificate authentication, supported in modern environments such as Azure Linux VMs, but keys usually suffice for typical setups.
- Employing key-based authentication strengthens the security of data transfers over SSH on AlmaLinux 9, as it relies on private keys instead of passwords.
- To fortify the security of your data and cloud computing infrastructure, consider implementing options such as limiting user logins to specific users, modifying the SSH port number, and using technology like fail2ban to block IPs with repeated failed login attempts.
- In addition to reinforcing key-based authentication and secure file transfer methods (such as SCP and SFTP), ensuring your firewall allows the SSH port and upgrading your network's technology can help bolster the security of your data against potential attacks.