Skip to content

Linux SSH Configuration

Jump to bottom
Mattscreative edited this page Dec 5, 2025 · 2 revisions

Linux SSH Configuration Guide

Complete beginner-friendly guide to SSH configuration on Linux, covering Arch Linux, CachyOS, and other distributions including server setup, client configuration, key-based authentication, and security hardening.

Table of Contents

  1. Installing SSH
  2. SSH Server Configuration
  3. SSH Client Configuration
  4. Key-Based Authentication
  5. SSH Security
  6. Troubleshooting

Installing SSH

Install OpenSSH

Install SSH:

# Arch/CachyOS
sudo pacman -S openssh

# Debian/Ubuntu
sudo apt install openssh-server

# Fedora
sudo dnf install openssh-server

Enable SSH

Enable service:

# Enable service
sudo systemctl enable --now sshd.service

# Check status
systemctl status sshd

SSH Server Configuration

Configure SSH Server

Edit config:

# Edit SSH config
sudo vim /etc/ssh/sshd_config

Security settings:

# Disable root login
PermitRootLogin no

# Change port
Port 2222

# Disable password auth (use keys)
PasswordAuthentication no

# Allow specific users
AllowUsers username

# Disable empty passwords
PermitEmptyPasswords no

Restart SSH:

sudo systemctl restart sshd

SSH Client Configuration

SSH Client Config

Edit client config:

# Edit config
vim ~/.ssh/config

Example:

Host myserver
    HostName server.example.com
    User username
    Port 2222
    IdentityFile ~/.ssh/id_rsa

Connect

Connect to server:

# Basic connection
ssh user@server

# With config
ssh myserver

# With key
ssh -i ~/.ssh/key user@server

Key-Based Authentication

Generate Key

Create SSH key:

# Generate key
ssh-keygen -t ed25519 -C "your_email@example.com"

# Or RSA
ssh-keygen -t rsa -b 4096

Copy Key

Copy to server:

# Copy key
ssh-copy-id user@server

# Or manually
cat ~/.ssh/id_rsa.pub | ssh user@server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

SSH Security

Harden SSH

Security settings:

# Edit config
sudo vim /etc/ssh/sshd_config

Add:

PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
MaxAuthTries 3

fail2ban

Install fail2ban:

# Install fail2ban
sudo pacman -S fail2ban

# Enable
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Troubleshooting

Cannot Connect

Check service:

# Check SSH status
systemctl status sshd

# Check firewall
sudo ufw status

Permission Denied

Check permissions:

# Check key permissions
chmod 600 ~/.ssh/id_rsa
chmod 644 ~/.ssh/id_rsa.pub
chmod 700 ~/.ssh

Summary

This guide covered SSH configuration for Arch Linux, CachyOS, and other distributions, including server setup, client configuration, and security.

Next Steps

This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.

Clone this wiki locally