How to Install and Configure SSH Server in Rocky Linux 8/9
SSH (Secure Shell) is a secure way to connect to Linux servers remotely.
It allows administrators to manage systems, run commands, transfer files,
and keep communication safe through encryption.
In Rocky Linux 8/9, SSH server is provided by the package openssh-server.
1. Install SSH Server
sudo dnf install -y openssh-server
After installation, start and enable the SSH service:
sudo systemctl start sshd sudo systemctl enable sshd
2. Check SSH Service Status
systemctl status sshd
3. Allow SSH in Firewall
sudo firewall-cmd --permanent --add-service=ssh sudo firewall-cmd --reload
4. SSH Configuration File
Main configuration file: /etc/ssh/sshd_config
To apply changes, restart SSH service:
sudo systemctl restart sshd
5. Allow or Deny User Access
You can control which users can connect via SSH.
# Only allow user 'shahzad' AllowUsers shahzad # Deny specific users DenyUsers testuser
Edit /etc/ssh/sshd_config and add above lines, then restart sshd.
6. Connect to SSH Server
ssh username@server-ip
7. Passwordless SSH Connection (Key-based authentication)
To avoid typing passwords every time, you can use SSH keys.
Step 1: Generate SSH key pair on client machine:
ssh-keygen -t rsa -b 4096
Step 2: Copy public key to server:
ssh-copy-id username@server-ip
Step 3: Connect without password:
ssh username@server-ip
8. Manual Key Copy (if ssh-copy-id not available)
cat ~/.ssh/id_rsa.pub | ssh username@server-ip "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
9. Improve SSH Security
- Change default SSH port (from 22 to another) in /etc/ssh/sshd_config
- Disable root login (PermitRootLogin no)
- Use only key-based authentication (PasswordAuthentication no)
- Allow only required users (AllowUsers)
- Use Fail2Ban or firewall to block brute force attacks
10. Verify SSH Logs
Check logs to see login attempts:
sudo journalctl -u sshd cat /var/log/secure
Conclusion
SSH is one of the most important services for Linux administrators.
In Rocky Linux 8/9, you can install, configure, and secure SSH easily.
By using key-based authentication and access rules, you can protect your server from attacks and manage it safely.