Managing SSH

Nov 18, 2025

Setting up SSH Key-Based Login

  • ssh-keygen
  • ssh-copy-id

Caching SSH Keys

  • ssh-agent /bin/bash allocates space in the bash shell to cache the private key passphrase
  • ssh-add adds the current passphrase to the cache
  • The GNOME graphical shell runs the gnome-keyring daemon, which automatically caches SSH private key passphrases

SSH Server Options

  • Options are set in /etc/ssh/sshd_config
  • The AllowUsers parameter is not included in the default config, but can be used to give only specific users the ability to log in

Securely Copying Files

  • scp

Securely Syncing Files

  • rsync

Lab Exercise

  1. Set up your SSH server in such a way that:
    • SSH offers services on port 2222
    • The user root is allowed to log in
  2. Set up your SSH server in such a way that:
    • SSH offers services on port 22
    • The root user is not allowed to log in
    • The user, bob, is the only user allowed to log in

:::details Solution

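  1. # Drop-in file: listen on port 2222 and allow root to log in
    cat << EOF >> /etc/ssh/sshd_config.d/90-custom.conf
    Port 2222
    PermitRootLogin yes
    EOF
    # Label the new port for sshd in SELinux, then open it in the firewall
    semanage port -a -t ssh_port_t -p tcp 2222
    firewall-cmd --permanent --service=ssh --add-port=2222/tcp
    firewall-cmd --reload
    systemctl restart sshd
  2. # Overwrite the drop-in: default port 22 again, no root login, only bob
    cat << EOF > /etc/ssh/sshd_config.d/90-custom.conf
    PermitRootLogin no
    AllowUsers bob
    EOF
    semanage port -d -t ssh_port_t -p tcp 2222
    firewall-cmd --permanent --service=ssh --remove-port=2222/tcp
    firewall-cmd --reload
    systemctl restart sshd

:::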
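
After restarting sshd, the effective settings can be compared with the requirements of the second scenario. The script below is an added example, not part of the original notes: it reads the "keyword value" lines that `sshd -T` prints, and the function name `check_sshd_policy` and both sample inputs are constructed for illustration.

```bash
#!/bin/sh
# Added example: check effective sshd settings against scenario 2 of the lab.
# usage (as root): sshd -T | check_sshd_policy PORT PERMITROOTLOGIN ONLY_USER
# Prints one line per mismatch; returns 0 only when all three settings match.
check_sshd_policy() {
    want_port=$1; want_root=$2; want_user=$3
    ports=""; root=""; users=""; rc=0
    while read -r key value; do   # sshd -T prints keywords in lowercase
        case "$key" in
            port)            ports="${ports:+$ports }$value" ;;
            permitrootlogin) root=$value ;;
            allowusers)      users="${users:+$users }$value" ;;
        esac
    done
    if [ "$ports" != "$want_port" ]; then
        echo "port: want $want_port, effective: ${ports:-none}"; rc=1
    fi
    if [ "$root" != "$want_root" ]; then
        echo "permitrootlogin: want $want_root, effective: ${root:-none}"; rc=1
    fi
    if [ "$users" != "$want_user" ]; then
        echo "allowusers: want only $want_user, effective: ${users:-unset (no user restriction)}"; rc=1
    fi
    return "$rc"
}

# Constructed sample: stock-like settings with no AllowUsers line at all.
sample_default() {
    cat <<'EOF'
port 22
permitrootlogin prohibit-password
passwordauthentication yes
EOF
}

# Constructed sample: settings once scenario 2 has been applied.
sample_hardened() {
    cat <<'EOF'
port 22
permitrootlogin no
allowusers bob
passwordauthentication yes
EOF
}

sample_default  | check_sshd_policy 22 no bob || echo "=> default sample does not meet scenario 2"
sample_hardened | check_sshd_policy 22 no bob && echo "=> hardened sample meets scenario 2"
```

A missing `allowusers` line is reported as a mismatch because without AllowUsers sshd places no restriction on which users may log in.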

- Clint Jordan