Setup ssh server. How to with step by step instructions and explanations

I will describe here how to set up an ssh server so that you can establish a secure connection to a Linux server. There are also step-by-step instructions with some explanations.

In my post “What is ssh/sftp, what is it for?” I wrote how to prepare the ssh client to control Linux server, generate keys and get authorized_keys2 file on a USB drive.

How to set up ssh server for Linux

If you do not use our virtual machine template to set up the Linux server, you have to perform the following steps (for those who are not very familiar with Linux, I recommend reading my posts “A few words about the Linux” and “Linux Commands. The very short description”):

Fig. 1. Transfer file authorized_keys2 to the server

 1. Transfer the authorized_keys2 file to the server using sftp (Fig. 1). I described how to use sftp to transfer files securely in the posts “sftp client. Brief description.” (Linux and OSX), “PSFTP – SFTP PuTTY client for Windows” and “SSH client for Windows Bitvise Tunnelier”. Let’s suppose the Linux server IP address is 192.168.22.4 and the user name is admin.
sftp root@192.168.22.4
Enter the root password when prompted and, after getting
Connected to 192.168.22.4
type
put author*
and after the file transfer is complete, type
exit

 2. Think up a good password for the user admin (I wrote about good passwords here).

 3. Log in to the server via ssh client as user root (Unfortunately, this is allowed in Linux distributions with the default settings).
ssh root@192.168.22.4
Type the root password when prompted; if the password is correct, you should get:
Last login: Mon Nov 4 10:46:38 2016 from 192.168.14.6
[root@www ~]#
Now you are superuser on this server.

 4. Create the user admin and set its password. If you do not like the user name admin, you can choose any other user name; then replace admin with the selected name everywhere below.
[root@www ~]# useradd admin 
[root@www ~]# passwd admin
and type the admin user’s password twice
Changing password for user admin.
New password:
Retype new password:
passwd: all authentication tokens updated successfully.

 5. Go to the admin user’s home directory, create the .ssh folder, move the authorized_keys2 file there and set the necessary access rights (Fig. 2)
cd /home/admin
mkdir .ssh
chmod 0700 .ssh
mv /root/authorized_keys2 .ssh/
chown -R admin:admin .ssh

Fig. 2. Creating user admin

 6. Then change the ssh server configuration file using the vi editor. How to use vi is described in the post “Editor vi. Short manual”.
Delete the old configuration file
rm /etc/ssh/sshd_config
rm: remove regular file `/etc/ssh/sshd_config’? y
confirm the deletion (press «y») and create a new one
vi /etc/ssh/sshd_config
Then, in the vi editor window, type the command «i» (insert), copy the entire configuration file below and paste it into the vi editor window.

# This is ssh server systemwide configuration file.
Port 22
Protocol 2
ListenAddress 0.0.0.0
#ListenAddress ::
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
ServerKeyBits 1024
LoginGraceTime 60
KeyRegenerationInterval 3600
PermitRootLogin no
IgnoreRhosts yes
IgnoreUserKnownHosts yes
StrictModes yes
X11Forwarding no
#X11DisplayOffset 10
PrintMotd yes
KeepAlive yes
# Logging
SyslogFacility AUTH
LogLevel INFO
#RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication no
PasswordAuthentication no
PermitEmptyPasswords no
AllowUsers admin
#PAMAuthenticationViaKbdInt yes
# Uncomment if you want to enable sftp
Subsystem       sftp    /usr/libexec/openssh/sftp-server
MaxStartups 10:30:60

You should see exactly this text in the editor. If so, press «esc» to exit insert mode and then type the sequence «:wq» to save the file and exit the editor (Fig. 3).

Fig. 3. Server ssh configuration file

What this gives us:

Firstly, we have disabled ssh login by password. Now, to log in via ssh, the user must have the secret key on the client computer and know its password, and the corresponding open (public) key must be in the authorized_keys2 file on the server. This is the only way to establish a secure ssh connection to the server. It significantly reduces the risk of the password being cracked by a brute force attack. (You can see such attempts in the logs of your server.)

Secondly, we have disabled ssh login for the user root altogether. To become superuser root, a logged-in user also has to know the root password for the su (sudo) command.

Thirdly, login to the server is allowed only for the user named admin; all other user names will be rejected. (I think changing the user name admin to something else that no one knows is a good idea.)
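
The three points above can be checked mechanically before the restart in step 7. The script below is an added example, not part of the original post; the function names sshd_value and audit_sshd and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an sshd_config for the three settings explained above.
# sshd keeps the FIRST value it reads for each keyword and treats keywords
# case-insensitively, so the lookup does the same. Assumes the plain
# "Keyword value" form; Include files and Match blocks are not followed.

# Print the effective global value of keyword $2 in file $1 (empty if unset).
sshd_value() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }      # stop at the first Match block
        tolower($1) == tolower(want) {
            $1 = ""; sub(/^[ \t]+/, ""); print; exit   # first value wins
        }' "$1"
}

# Return 0 only if password login and root login are off and AllowUsers is set.
audit_sshd() {
    rc=0
    [ "$(sshd_value "$1" PasswordAuthentication)" = "no" ] ||
        { echo "FAIL: PasswordAuthentication is not 'no'"; rc=1; }
    [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] ||
        { echo "FAIL: PermitRootLogin is not 'no'"; rc=1; }
    users=$(sshd_value "$1" AllowUsers)
    [ -n "$users" ] || { echo "FAIL: AllowUsers is not set"; rc=1; }
    case " $users " in
        *" root "*) echo "FAIL: AllowUsers lists root"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed sample (not a real server's file): the later, correct
# PasswordAuthentication line does not override the earlier one.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin no
passwordauthentication yes
PasswordAuthentication no
AllowUsers admin
EOF
audit_sshd "$sample" || echo "sample rejected: first PasswordAuthentication is 'yes'"
```

Run `audit_sshd /etc/ssh/sshd_config` as root on the server; `sshd -t` additionally checks the file for syntax errors before sshd is restarted.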

 7. Restart the ssh server:
/etc/init.d/sshd restart
Stopping sshd:                                             [  OK  ]
Starting sshd:                                               [  OK  ]

 8. Now it is time to check:
ssh admin@192.168.22.4
type the password of the ssh key and you should see output as in Fig. 4
Last login: Tue Jan 28 22:46:48 2017 from 192.168.14.6
[admin@www ~]$
If you have successfully logged in to the server (as it should be), it’s done.
That is, we are logged in to our Linux server as the admin user, in the folder /home/admin or ~.

 9. Due to security restrictions, ssh connection to the server is allowed only for users who do not have root privileges. If you want to execute commands as root or become superuser root, you have to use the sudo or su commands (Fig. 4).

[admin@www ~]$ su
Password: Enter the root password by request
[root@www admin]#

Fig. 4. Login on the server

Now you are superuser root and have full control over your Linux server. You can install and uninstall application services, for example an e-mail server, a web server, a web site and so on.

You can also try to log in over ssh as root directly. You should be rejected.

So, having followed the instructions above, we have successfully set up the ssh server to establish a secure connection and can install the application services we need.

I have described here how to set up an ssh server so that you can establish a secure connection to a Linux server. There are also step-by-step instructions with some explanations.
