Skip to content

Arch Linux SSH Configuration

Jump to bottom
Mattscreative edited this page Dec 5, 2025 · 2 revisions

Arch Linux SSH Configuration Guide

Complete beginner-friendly guide to SSH configuration on Arch Linux, including server setup, client configuration, key-based authentication, and security hardening.

Table of Contents

  1. Installing SSH
  2. SSH Server Configuration
  3. SSH Client Configuration
  4. Key-Based Authentication
  5. SSH Security
  6. Troubleshooting

Installing SSH

Install OpenSSH

Install SSH:

# Install OpenSSH
sudo pacman -S openssh

# Enable service
sudo systemctl enable sshd
sudo systemctl start sshd

# Check status
systemctl status sshd

SSH Server Configuration

Configure SSH Server

Edit config:

# Edit SSH config
sudo vim /etc/ssh/sshd_config

Security settings:

# Disable root login
PermitRootLogin no

# Change port
Port 2222

# Disable password auth (use keys)
PasswordAuthentication no

# Allow specific users
AllowUsers username

# Disable empty passwords
PermitEmptyPasswords no

Restart SSH:

sudo systemctl restart sshd

SSH Client Configuration

SSH Client Config

Edit client config:

# Edit client config
vim ~/.ssh/config

Example:

Host myserver
    HostName server.example.com
    User username
    Port 2222
    IdentityFile ~/.ssh/id_ed25519

Connect:

ssh myserver

Key-Based Authentication

Generate SSH Key

Create key pair:

# Generate key
ssh-keygen -t ed25519 -C "your_email@example.com"

# Or RSA
ssh-keygen -t rsa -b 4096 -C "your_email@example.com"

Copy Public Key

Copy to server:

# Copy key
ssh-copy-id user@server

# Or manually
cat ~/.ssh/id_ed25519.pub | ssh user@server "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"

SSH Security

Harden SSH

Security best practices:

# Edit config
sudo vim /etc/ssh/sshd_config

Add:

# Disable root
PermitRootLogin no

# Change port
Port 2222

# Use keys only
PasswordAuthentication no
PubkeyAuthentication yes

# Limit login attempts
MaxAuthTries 3

# Disable empty passwords
PermitEmptyPasswords no

Fail2ban

Install fail2ban:

# Install fail2ban
sudo pacman -S fail2ban

# Enable
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Troubleshooting

Connection Refused

Check service:

# Check SSH service
systemctl status sshd

# Check firewall
sudo ufw status

Permission Denied

Check permissions:

# Fix permissions
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys

Summary

This guide covered SSH installation, server/client configuration, key-based auth, and security.

Next Steps

This guide is based on the ArchWiki. For the most up-to-date information, always refer to the official ArchWiki.

Clone this wiki locally