Configuring SSH

Once SSH is installed, it can be configured through two primary configuration files:

  • sshd_config: This file configures the SSH daemon (server-side settings).
  • ssh_config: This file configures the SSH client.

sshd_config (Server Configuration)

The sshd_config file is located in /etc/ssh/sshd_config on most systems. It controls how the SSH server behaves and can be adjusted for security, user permissions, and network settings.

Key parameters in sshd_config include:

  • Port: Specifies which port SSH listens on (default is 22).

    Port 22
    
  • PermitRootLogin: Controls whether root can log in via SSH. It is recommended to disable root login for security.

    PermitRootLogin no
    
  • PasswordAuthentication: Determines if password-based authentication is allowed. Public key authentication is more secure and can be enforced by disabling password authentication.

    PasswordAuthentication no
    

After making changes, restart the SSH service:

$ sudo systemctl restart ssh

ssh_config (Client Configuration)

The ssh_config file is located in /etc/ssh/ssh_config or ~/.ssh/config and defines client-side settings. It can be used to simplify SSH commands and specify default options for specific hosts.

Some common entries in ssh_config include:

  • Host: Defines settings for specific hosts.

    Host example
      HostName example.com
      User username
      Port 22
    
  • IdentityFile: Specifies the SSH private key file for authentication.

    IdentityFile ~/.ssh/id_rsa
    

These settings allow users to connect to hosts more efficiently without specifying options on the command line each time.


With SSH configured, users can now connect to remote systems securely and efficiently. In the following sections, more advanced configuration topics will be explored.