`sshd` (Secure Shell Daemon) is a critical component of the OpenSSH suite, which provides secure remote login and other secure network services. It handles incoming SSH connections and allows users to securely access and manage systems over a network.
Here are some common tasks you might perform with `sshd` on a Linux system:
Installing OpenSSH Server
On most Linux distributions, you can install the OpenSSH server using your package manager.
Debian/Ubuntu:
sudo apt update
sudo apt install openssh-server
CentOS/RHEL:
sudo yum install openssh-server
Fedora:
sudo dnf install openssh-server
Starting and Enabling `sshd`
After installation, you need to start the service and enable it to run at boot.
Systemd (most modern distributions):
sudo systemctl start sshd
sudo systemctl enable sshd
SysVinit (older distributions):
sudo service sshd start
sudo chkconfig sshd on
Configuring `sshd`
The main configuration file for `sshd` is `/etc/ssh/sshd_config`. You should edit this file carefully, as incorrect settings can lock you out of your server.
Common configuration options include:
Port: Change the default port from 22 to something else for added security.
Port 2222
PermitRootLogin: Disable root login for better security.
PermitRootLogin no
PasswordAuthentication: Enable or disable password authentication.
PasswordAuthentication yes
AllowUsers: Restrict logins to specific users.
AllowUsers user1 user2
DenyUsers: Deny logins for specific users.
DenyUsers baduser1 baduser2
PubkeyAuthentication: Enable public key authentication.
PubkeyAuthentication yes
After making changes to `/etc/ssh/sshd_config`, restart the `sshd` service to apply them.
Systemd:
sudo systemctl restart sshd
SysVinit:
sudo service sshd restart
Managing Access Control with Firewalls
Ensure that your firewall allows traffic on the SSH port (default is 22).
UFW (Uncomplicated Firewall):
sudo ufw allow 22/tcp
sudo ufw enable
FirewallD:
sudo firewall-cmd --permanent --add-service=ssh
sudo firewall-cmd --reload
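The configuration options and firewall rules above interact: the warning about locking yourself out applies, for example, when `Port` is changed but the firewall still allows only 22. The following check is an added example, not part of the original page or of OpenSSH. It reads a candidate `sshd_config` and lists reasons a given account could lose access after the restart. The names `parse_global` and `lockout_risks`, the sample text, and the upstream default values are assumptions; `Include` files and `Match` blocks are not followed.

```python
import fnmatch

# Upstream OpenSSH defaults (assumption: the distribution has not patched them).
DEFAULTS = {"permitrootlogin": "prohibit-password",
            "passwordauthentication": "yes", "pubkeyauthentication": "yes"}
MULTI = ("port", "allowusers", "denyusers")  # repeated lines accumulate
# Constructed sample built from the option values shown on this page.
SAMPLE = """\
Port 2222
PermitRootLogin no
PasswordAuthentication no
passwordauthentication yes   # ignored: first value wins, keywords ignore case
PubkeyAuthentication yes
AllowUsers user1 user2
DenyUsers baduser1 baduser2
"""

def parse_global(text):
    """Effective global settings; Include files and Match blocks are not followed."""
    cfg = {k: [] for k in MULTI}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        key, args = parts[0].lower(), parts[1:]
        if key == "match":
            break
        if key in MULTI:
            cfg[key].extend(args)
        elif key not in cfg and args:
            cfg[key] = args[0].lower()
    cfg["port"] = cfg["port"] or ["22"]
    return {**DEFAULTS, **cfg}

def lockout_risks(cfg, admin, firewall_ports):
    """Reasons `admin` could lose access once sshd restarts with this config."""
    def listed(patterns):  # USER@HOST patterns: only the USER part is compared
        return any(fnmatch.fnmatchcase(admin, p.split("@", 1)[0]) for p in patterns)
    risks = []
    if cfg["passwordauthentication"] == "no" and cfg["pubkeyauthentication"] == "no":
        risks.append("password and public key authentication are both disabled")
    if listed(cfg["denyusers"]):
        risks.append(f"{admin} matches DenyUsers")
    elif cfg["allowusers"] and not listed(cfg["allowusers"]):
        risks.append(f"{admin} is not in AllowUsers")
    if admin == "root" and cfg["permitrootlogin"] == "no":
        risks.append("root login is disabled")
    if not set(cfg["port"]) & set(firewall_ports):
        risks.append(f"firewall does not allow port {', '.join(cfg['port'])}")
    return risks
```

Calling `lockout_risks(parse_global(SAMPLE), "user1", ["22"])` reports the port mismatch between `Port 2222` and a firewall that allows only 22/tcp. Keep an existing SSH session open while restarting so a flagged problem can still be corrected.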
Checking Logs
Logs related to `sshd` can be found in `/var/log/auth.log` (on Debian/Ubuntu) or `/var/log/secure` (on CentOS/RHEL). These logs can help you troubleshoot issues with SSH connections.
Troubleshooting Common Issues
1. Connection Refused: Ensure `sshd` is running and the correct port is open.
sudo systemctl status sshd
sudo netstat -tuln | grep 22
2. Permission Denied: Check permissions on the `~/.ssh` directory and files.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys
3. Host Key Mismatch: This usually happens when the host key has changed. You can remove the old key from `~/.ssh/known_hosts`.
ssh-keygen -R [hostname]
By following these steps, you can effectively manage and secure your SSH daemon on a Linux system.