How to install OpenSSH on Linux

Home > Search > How-to

Use apt-get or yum to install OpenSSH.

[root@server1 ~]# yum install openssh-server


Enable OpenSSH. start OpenSSH, and ensure OpenSSH is active and running.

[root@server1 ~]# systemctl enable sshd
[root@server1 ~]# systemctl start sshd
[root@server1 ~]# systemctl status sshd


After OpenSSH is active and running, connect using the Linux Terminal or connect using PuTTY. If you are unable to connect to the SSH server, view the SSH logs.

[root@server1 ]# tail /var/log/auth.log
[root@server1 ]# tail /var/log/secure


The last command can be used to confirm that a user is able to make an SSH connection to the OpenSSH server. In this example, john.doe made an SSH connection to the server from Root did not make an SSH connection to the server, as root connected from, which is the same exact hostname as the OpenSSH server in this example.

[root@server1 ~]# last
john.doe  /dev/pts/0  Thu Jan 12 12:04  still logged in
root      /dev/tty1  Wed Jan 11 12:54 - 13:13  (00:19)
reboot    system boot  3-10-0-327.e17.x     Wed Jan 11 12:52 - 13:10  (00:01)
. . .


The /var/log/auth.log or /var/log/secure file will also show SSH connections. In this example, john.doe made an SSH connection to the OpenSSH server.

[root@server1 ~]# tail /var/log/secure
May  6  21:29:10 server1 sshd[15970]: pam_unix(sshd:session): session open for user john.doe by (uid=0)
. . .
May  6  21:51:09 server1 sshd[15970]: pam_unix(sshd:session): session closed for user john.doe




To ensure the OpenSSH server is secured, view the /var/log/auth.log or /var/log/secure file.

[root@server1 ]# 
tail -30 /var/log/auth.log
tail -30 /var/log/secure


The log typically has attempted connections from foreign IP addresses with a message such as refused connect from foreign ip address.


If the log file shows numerous events from a foreign IP address with sshd and message Failed password for root from ip address, this means connections to the OpenSSH server from external hosts is allowed. In this example, an external host is attempting using brute force in an attepmpt to guess the root password to make an SSH connection to our server. In this scenario, the /etc/hosts.allow, /etc/hosts.deny or iptables was not properly configured to refuse SSH connections from foreign hosts.



By default, OpenSSH is configured to allow connections using the following methods:

  • username / password
  • public / private key pair (PKI)

For the best security, configure OpenSSH to only allow connections using a public / private key pair.


Add a Comment

We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.

Please enter in the box below so that we can be sure you are a human.