Use apt-get or yum to install OpenSSH.
[root@server1 ~]# yum install openssh-server
Enable OpenSSH. start OpenSSH, and ensure OpenSSH is active and running.
[root@server1 ~]# systemctl enable sshd [root@server1 ~]# systemctl start sshd [root@server1 ~]# systemctl status sshd
[root@server1 ]# tail /var/log/auth.log [root@server1 ]# tail /var/log/secure
The last command can be used to confirm that a user is able to make an SSH connection to the OpenSSH server. In this example, john.doe made an SSH connection to the server from client1.example.com. Root did not make an SSH connection to the server, as root connected from server1.example.com, which is the same exact hostname as the OpenSSH server in this example.
[root@server1 ~]# last john.doe /dev/pts/0 client1.example.com Thu Jan 12 12:04 still logged in root /dev/tty1 server1.example.com Wed Jan 11 12:54 - 13:13 (00:19) reboot system boot 3-10-0-327.e17.x Wed Jan 11 12:52 - 13:10 (00:01) . . .
The /var/log/auth.log or /var/log/secure file will also show SSH connections. In this example, john.doe made an SSH connection to the OpenSSH server.
[root@server1 ~]# tail /var/log/secure May 6 21:29:10 server1 sshd: pam_unix(sshd:session): session open for user john.doe by (uid=0) . . . May 6 21:51:09 server1 sshd: pam_unix(sshd:session): session closed for user john.doe
To ensure the OpenSSH server is secured, view the /var/log/auth.log or /var/log/secure file.
[root@server1 ]# tail -30 /var/log/auth.log tail -30 /var/log/secure
The log typically has attempted connections from foreign IP addresses with a message such as refused connect from foreign ip address.
If the log file shows numerous events from a foreign IP address with sshd and message Failed password for root from ip address, this means connections to the OpenSSH server from external hosts is allowed. In this example, an external host is attempting using brute force in an attepmpt to guess the root password to make an SSH connection to our server. In this scenario, the /etc/hosts.allow, /etc/hosts.deny or iptables was not properly configured to refuse SSH connections from foreign hosts.
By default, OpenSSH is configured to allow connections using the following methods:
- username / password
- public / private key pair (PKI)
For the best security, configure OpenSSH to only allow connections using a public / private key pair.