How to Install OpenSSH Server In Linux

Being a network administrator requires deep knowledge of remote login protocols such as rlogin, telnet, and ssh. The one I will discuss in this article is ssh.

SSH is a secure remote protocol that is used to work remotely on other machines or transfer data between computers using SCP (Secure Copy) command. But, what is OpenSSH, and how to install it in your Linux distribution?

What is OpenSSH?

OpenSSH is a free open-source set of computer tools used to provide secure and encrypted communication over a computer network by using the ssh protocol. Many people, new to computers and protocols, create a misconception about OpenSSH, they think it is a protocol, but it is not, it is a set of computer programs that use the ssh protocol.

OpenSSH is developed by the Open BSD group and it is released under a Simplified BSD License. A main factor that has made it possible for OpenSSH to be used so much among system administrators is its multi-platform capability and very useful nice features it has.

The latest version is OpenSSH 9.3 which has been released on 15 March 2023 and comes with many new features and patches, so if you already use OpenSSH for administering your machines, I suggest you do an upgrade or install ssh from the source.

Why Use OpenSSH Over Telnet Or Ftp?

The most important reason why one should use OpenSSH tools over ftp and Telnet is that all communications and user credentials using OpenSSH are encrypted, and they are also protected from man-in-middle attacks. If a third party tries to intercept your connection, OpenSSH detects it and informs you about that.

OpenSSH Features

  • Secure Communication
  • Strong Encryption (3DES, Blowfish, AES, Arcfour)
  • X11 Forwarding (encrypt X Window System traffic)
  • Port Forwarding (encrypted channels for legacy protocols)
  • Strong Authentication (Public Key, One-Time Password, and Kerberos Authentication)
  • Agent Forwarding (Single-Sign-On)
  • Interoperability (Compliance with SSH 1.3, 1.5, and 2.0 protocol Standards)
  • SFTP client and server support in both SSH1 and SSH2 protocols.
  • Kerberos and AFS Ticket Passing
  • Data Compression

Install OpenSSH Server on Linux

To install OpenSSH, open a terminal and run the following commands with superuser permissions.

On Debian/Ubuntu/Linux Mint

On Debian-based distributions, you can use the following apt command to install the openssh server and client as shown.

$ sudo apt install openssh-server openssh-client
Install OpenSSH in Debian Systems
Install OpenSSH in Debian Systems

On RHEL/Centos/Fedora

On RedHat-based distribution, type the following yum command to install the openssh server and client.

# yum -y install openssh-server openssh-clients
Install OpenSSH in RedHat Systems
Install OpenSSH in RedHat Systems

Configure OpenSSH Server in Linux

It’s time to configure our OpenSSH behavior through the ssh config file, but before editing the /etc/ssh/sshd_config file we need to back up a copy of it, so in case we make any mistake we have the original copy.

Open a terminal and run the following cp command to make a copy of the original sshd configuration file.

$ sudo cp /etc/ssh/sshd_config  /etc/ssh/sshd_config.original_copy

As you can see from the command I typed, I added the original_copy suffix, so every time I see this file I know it is an original copy of the sshd config file.

How Do I Connect to OpenSSH

Before we go further, we need to verify if our openssh server is working or not. How to do that? You can try to connect to the openssh server from your localhost through your openssh client or do a portscan with nmap, but I like to use a small tool called netcat, also known as the TCP/IP Swiss army knife. I love working with this amazing tool on my machine, so let me show it to you.

# nc -v -z 127.0.0.1 22
Verify SSH Connection
Verify SSH Connection

Referring to the netcat results, the ssh service is running on port 22 on my machine. Very good! What if we want to use another port, instead of 22? We can do that by editing the sshd configuration file.

Change SSH Port

Set your OpenSSH to listen on TCP port 13 instead of the default TCP port 22. Open the sshd_config file with your favorite text editor and change the port directive to 13.

Port 13
Change SSH Port
Change SSH Port

Restart the OpenSSH server so the changes in the config file can take place by typing the following command and running netcat to verify if the port you set for listening is open or not.

$ sudo systemctl restart sshd

Should we verify if our openssh server is listening on port 13, or not? This verification is necessary, so I am calling my lovely tool netcat to help me do the job.

# nc -v -z 127.0.0.1 13
Check SSH Connection
Check SSH Connection

Do you like to make your openssh server display a nice login banner? You can do it by modifying the content of the /etc/issue.net file.

$ nano /etc/issue.net

Paste the following banner message.

Authorized access only!

If you are not authorized to access or use this system, disconnect now!

Next, add the following line inside the sshd configuration file.

Banner /etc/issue.net
Add SSH Banner
Add SSH Banner

After making changes to the SSH configuration, make sure to restart.

$ sudo systemctl restart sshd
Conclusion

There are many things you can do with the openssh tools when it comes to the way you configure your openssh server, I can say that your imagination is the limit!

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Oltjano Terpollari
Hi guys, I am a computer Geek and I go by the name Ambition. I do security stuff and I am studying computer engineering. I love programming and Linux.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

9 Comments

Leave a Reply
  1. Hey,

    Trouble here .. : (

    After I changed the ssh port to 13 I’m not able to login via putty (Connection timeout error) what to do now ?

    Command : nc -v -z 127.0.0.1 13
    Ran succeed..

    Reply
    • I think you article is missing that the port you change to should be open first to connect from outside, it could lock down servers for newbies.

      Reply
  2. nice simple article. I would go into a little more detail about why to and why not to change the port. This is a very debated thing.

    Reply
  3. One problem I notice with your post is that you say ‘How Do I Connect to OpenSSH’ and then you promptly say ‘Before we go further, we need to verify….’ and then you proceed to give your conclusion without ever detailing anything about how to connect.

    You simply show how to verify via netcat and then talk about a nice banner.

    Please tell me my eyes don’t fail me ?

    I think you should provide a lot more detail and examples for this post to be of any value.

    Reply
  4. Use yum install nc.x86_64 for netcat Red hat and centos .It worked for me in case of Red hat.
    Sometime you need net cat for openssh

    Reply
  5. Lots of Thanks.. Your all posts are reliable guide for every linux professional and newbie.
    Please guide to install Squid proxy server with Dansguardian content filter on Ubuntu 14.04..so please post a stepwise procedure on How to Install and Configure Squid with Dansguardian on Ubuntu 14.04 soon. Please post asap……. I’ve read, searched and tried so many forums/sites/blogs for the same but can’t find any reliable source.

    Reply
  6. Nicely done. I am working with two computers on a home LAN to fully explore SSH and your page concisely puts the basics together. I am running Ubuntu 12.04 LTS and OpenSSH on an old Mac mini and connecting via my new Mac mini running OS X Mavericks (10.9.) Some reference books leave out details like the script that starts the server which you need to know to do a restart after configuration change or how to simply verify that the server is listening on a port, for example. Thanks again.

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.