By default, SSH connections allow remote access to the server, but leaving the settings as-is may expose security risks. To mitigate these, we will modify the configuration accordingly.
While SSH settings are generally consistent across Linux distributions, this guide specifically covers configuration on Arch Linux.
Installing OpenSSH #
On the server, install OpenSSH using the following command:
sudo pacman -S opensshConfiguring the SSH Daemon #
Edit the SSH daemon configuration file at /etc/ssh/sshd_config to enhance security.
Restricting Access to Specific Users #
To allow SSH access only for specific users, add the following line:
AllowUsers <allowed_user>Disabling Root Login #
For security reasons, disable SSH login for the root account by modifying the following line:
PermitRootLogin noChanging the SSH Port #
By default, SSH runs on port 22, which is commonly known and frequently targeted by attackers. Changing this to a random number (e.g., 50134) improves security. Modify the following line:
Port 50134Starting and Enabling the SSH Daemon #
Start the SSH daemon with:
sudo systemctl start sshd.serviceTo enable SSH to start automatically on boot, run:
sudo systemctl enable sshd.serviceVerifying SSH Access from the Client #
From the client PC, connect to the server using:
ssh -p 50134 <user>@<server_ip>Appendix #
For improved security, consider switching to key-based authentication instead of password authentication. Check out the guide on SSH Key Authentication Setup for details.