Configuring SSH
Once SSH is installed, it can be configured through two primary configuration files:
- sshd_config: This file configures the SSH daemon (server-side settings).
- ssh_config: This file configures the SSH client.
sshd_config (Server Configuration)
The sshd_config file is located in /etc/ssh/sshd_config on most systems. It controls how the SSH server behaves and can be adjusted for security, user permissions, and network settings.
Key parameters in sshd_config include:
Port: Specifies which port SSH listens on (default is 22).
Port 22
PermitRootLogin: Controls whether root can log in via SSH. It is recommended to disable root login for security.
PermitRootLogin no
PasswordAuthentication: Determines if password-based authentication is allowed. Public key authentication is more secure and can be enforced by disabling password authentication.
PasswordAuthentication no
After making changes, restart the SSH service:
$ sudo systemctl restart ssh
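The following check is an added example, not part of the original page: it reports the value sshd would actually use for the three parameters above, since a later "PasswordAuthentication no" does not override an earlier "yes". The function names, the sample file, and the OpenSSH defaults used for missing keywords (prohibit-password, yes, 22) are assumptions of this example, and it reads a single file only.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after "Match" apply only conditionally.

# effective_value FILE KEYWORD DEFAULT -> prints the value sshd would use
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }          # comments and blank lines
        { sub(/[ \t]*=[ \t]*/, " ") }           # accept "Keyword=value" too
        tolower($1) == "match" { exit }         # global section ends here
        tolower($1) == want { val = $2; found = 1; exit }
        END { print (found ? val : def) }
    ' "$1"
}

# audit_sshd FILE -> one finding per line; returns 1 if a check fails
audit_sshd() {
    rc=0
    # Defaults assumed from OpenSSH when a keyword is absent.
    root=$(effective_value "$1" PermitRootLogin prohibit-password)
    pass=$(effective_value "$1" PasswordAuthentication yes)
    port=$(effective_value "$1" Port 22)
    [ "$root" = "no" ] || { echo "FAIL PermitRootLogin=$root"; rc=1; }
    [ "$pass" = "no" ] || { echo "FAIL PasswordAuthentication=$pass"; rc=1; }
    echo "INFO Port=$port"
    return $rc
}

# Constructed sample (not from a real host): the hardened lines are either
# commented out, shadowed by an earlier value, or inside a Match block.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
port = 2222
#PermitRootLogin no
PasswordAuthentication yes
PasswordAuthentication no
Match User backup
    PermitRootLogin no
EOF

audit_sshd "$sample" || true
```

On a live host, sudo sshd -t validates the file before a restart, and sudo sshd -T prints the effective settings, including any Include files that this example does not follow.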
ssh_config (Client Configuration)
The ssh_config file is located in /etc/ssh/ssh_config or ~/.ssh/config and defines client-side settings. It can be used to simplify SSH commands and specify default options for specific hosts.
Some common entries in ssh_config include:
Host: Defines settings for specific hosts.
Host example
    HostName example.com
    User username
    Port 22
IdentityFile: Specifies the SSH private key file for authentication.
IdentityFile ~/.ssh/id_rsa
These settings allow users to connect to hosts more efficiently without specifying options on the command line each time.
With SSH configured, users can now connect to remote systems securely and efficiently. In the following sections, more advanced configuration topics will be explored.