What is SSH
Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. The best known example application is for remote login to computer systems by users. SSH provides a secure channel over an unsecured network in a client-server architecture, connecting an SSH client application with an SSH server.
Install and config OpenSSH on a CentOS server
OpenSSH is a suite of opensource programs for remote login based on SSH protocol, developed by the OpenBSD Project. Since it is free for all users, Most Linux distribution has openssh installed initially.
CentOS 7 provides
openssh-clients packages. The
openssh package should be initially installed. Note that
openssh package requires
openssl-libs to be installed on the system since it provides some very important cryptographic libraries.
To install the server and client package,
sudo yum -y install openssh-server sudo yum -y install openssh-clients
To start the SSH service in CentOS,
sudo systemctl start sshd.service
This will creat the OpenSSH daemon
sshd that listens for connections from clients via port 22. It forks a new daemon for each incoming connection. The forked daemons handle key exchange, encryption, authentication, command execution, and data exchange.
To turn off this service,
sudo systemctl stop sshd.service
If you wish to have the SSH daemon run automatically as the computer boots up, issue the command,
sudo systemctl enable sshd.service
This will allow the SSH service to run every time you start up your computer, which is normally started at boot from
The default configuration file for the
sshd daemon is
sshd_config under the directory
/etc/ssh/. We can uncomment the default settings and change what we want
Port 1234 # change port from 22(default) to 1234 PermitRootLogin no # disable root logins AllowUsers john jane # restrict login to user john and jane only over ssh DenyUsers smith # refuse login to user smith ListenAddress 192.168.1.150 # set the address that sshd listen to PermitEmptyPasswords no # reject logins with no passwords
Read OpenSSH Manual Pages to learn more.
Connecting on a Linux client using ssh command
To connect to our server, running the basic ssh command:
ssh <username>@<hostname or IP address>
<username> is the hostname of the server that you want to connect to. By default ssh will use the same username as on your client if you live
user as blanked. Such as
ssh <hostname or IP address>
<hostname or IP address> is the IP adress or the name of your server if your network have DNS service.
Since SSH use port 22 as default port, if you want to connect via other port, using
ssh user@host -p 1234
This will change port from 22(default) to 1234.
For the first login, it will ask you if you wish to add the remote host to a list of known hosts. Don’t worry, go ahead and say yes.
To end your SSH session, typing
exit command or
logout command. This will kill all the process and end SSH connection.
Read ssh Command - OpenSSH General Commands Manual to learn more.
Connecting on a client running Windows
SSH sees some limited use on Windows. In 2015, Microsoft announced that they would include native support for SSH in a future release.
To use ssh, you need either a ssh client program or a Linux-like shell environment. Here some clients are recommended:
Bitvise SSH Client is a free and flexible SSH Client for Windows includes state of the art terminal emulation, graphical as well as command-line SFTP support, an FTP-to-SFTP bridge, powerful tunneling features including dynamic port forwarding through integrated proxy, and remote administration for our SSH Server. Bitvise SSH Client installer is provided on Download Bitvise SSH Client
Comparison of SSH clients - Wikipedia compares a selection of notable clients.
Visual Studio Code, which is a free and cross-plateform code editor developed by Microsoft, can also open a remote folder on any remote machine, virtual machine, or container with a running SSH server with the help of the Visual Studio Code Remote - SSH extension. Following the documentation Remote Development using SSH to get started.
File transfers using scp command
SSH can not only login to remote hosts, but also provides file transfers between clients and servers.
scp command for secure copy (remote file copy program) between hosts over an encrypted connection based on SSH protocol. You can transfer files from your local client to a remote host or vice versa or even from a remote host to another remote host.
To copy a file from your computer to another computer(upload), type:
scp <file> <username>@<IP address or hostname>:<Destination>
For example, my server’s IP is 192.168.1.150. I run the following command on my client to copy a file called
test.txt from the local computer to a file by the same name on the server under directory
scp test.txt email@example.com:
Then I make another copy of
test.txt while changing the name to
readme.txt and specifying directory
scp test.txt firstname.lastname@example.org:/home/program/readme.txt
To copy the file back from the server(download), just reverse the from and to.
scp email@example.com:/home/program/readme.txt readme.txt
-r(recursive) option, SSH copy a whole directory recursively to a remote location. The following command copies a directory named
testprogram to the home directory of the user on the server.
scp -r testprogram firstname.lastname@example.org:
Read scp Command - OpenSSH General Commands Manual to learn more.
Keep your process alive
Normally linux will forcibly kill all process and jobs created by remote users once he logs out of the session or the session times out after being idle for quite some time.
We can use
nohup command to send our long running command to background so that we can continue while the command will keep on executing in background. After that we can safely log out.
nohup usage is
nohup [command] &
This will send the task to background with prompt returning immediately giving PID and job ID* of the process. i.e.
To check the status of command and bring it back to foreground once you resuming your SSH session, using
Sometimes you may have trouble keeping your SSH session up and idle. For whatever reason, the connection just dies after X minutes of inactivity. Usually this happens because there is a firewall between you and the internet that is configured to only keep stateful connections in its memory for 15 or so minutes.
Fortunately, in recent versions of OpenSSH, there is a fix for this problem. Simply put the following:
in the file
The file above can be used for any client side SSH configuration. See the ssh_config man page for more details. The ‘TCPKeepAlive yes’ directive tells the ssh client that it should send a little bit of data over the connection periodically to let the server know that it is still there. ‘ServerAliveInterval 60 sets this time period for these messages to 60 seconds. This tricks many firewalls that would otherwise drop the connection, to keep your connection going.