Complete Guide to SSH Server Setup and Firewall Configuration on CentOS 8
This guide covers SSH server configuration, firewall management using Firewalld, and essential network commands on CentOS 8.
Important Note: CentOS 8 reached its End of Life (EOL) in December 2021. It is strongly recommended to migrate to a supported alternative such as CentOS Stream, Rocky Linux, or AlmaLinux. The following instructions are provided for reference on existing CentOS 8 systems.
SSH Server Configuration
SSH (Secure Shell) is the standard protocol for secure remote server administration. OpenSSH server is typically pre-installed on CentOS 8.
- Install and Start SSH Service
# Install OpenSSH server (usually pre-installed)
sudo dnf install openssh-server
# Start the SSH service and enable auto-start on boot
sudo systemctl start sshd
sudo systemctl enable sshd
# Verify service status
sudo systemctl status sshd
- Modify SSH Configuration
The main configuration file is located at /etc/ssh/sshd_config. After making changes, restart the service with sudo systemctl restart sshd.
# Change the default port (recommended for security)
Port 2222
# Disable direct root login (recommended)
PermitRootLogin no
# Restrict allowed users (example)
AllowUsers your_username
# Enable public key authentication (more secure)
PubkeyAuthentication yes
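The directives above only help if they are the values sshd actually applies: keywords are case-insensitive, sshd keeps the first value it reads for most keywords, and Port lines accumulate. The script below is an added example, not part of the original guide, that checks a config file against this guide's four settings; the function names and the sample config are constructed for illustration, and it assumes sshd's built-in defaults of Port 22, PermitRootLogin prohibit-password and PubkeyAuthentication yes.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the four settings in this guide.

# values FILE KEYWORD: print every value set for KEYWORD (keywords are
# case-insensitive). Stops at the first Match block: those are conditional.
values() {
    awk -v key="$2" '
        BEGIN { key = tolower(key) }
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == key { $1 = ""; sub(/^[ \t]+/, ""); print }' "$1"
}

# first FILE KEYWORD DEFAULT: for most keywords sshd keeps the FIRST value it
# reads, so a later "PermitRootLogin no" cannot undo an earlier "yes".
first() {
    v=$(values "$1" "$2" | head -n 1 | tr 'A-Z' 'a-z')
    echo "${v:-$3}"
}

# audit FILE: print one FAIL line per finding; exit status 0 only if clean.
audit() {
    fails=0
    # Port is cumulative: sshd listens on every Port line, default 22.
    ports=$(values "$1" Port)
    for p in ${ports:-22}; do
        [ "$p" != 22 ] || { echo "FAIL: sshd still listens on port 22"; fails=1; }
    done
    root=$(first "$1" PermitRootLogin prohibit-password)
    [ "$root" = no ] || { echo "FAIL: PermitRootLogin is $root"; fails=1; }
    [ -n "$(values "$1" AllowUsers)" ] || { echo "FAIL: AllowUsers not set"; fails=1; }
    pub=$(first "$1" PubkeyAuthentication yes)
    [ "$pub" = yes ] || { echo "FAIL: PubkeyAuthentication is $pub"; fails=1; }
    return "$fails"
}

# Constructed sample: looks hardened at a glance, but two settings do not hold.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 2222
Port 22
permitrootlogin yes
AllowUsers your_username
#PubkeyAuthentication no
PermitRootLogin no
EOF
audit "$sample" || echo "sample config needs fixing"
rm -f "$sample"
```

On a live system, sudo sshd -T prints the effective configuration as sshd itself resolves it, which is the authoritative check after editing the file.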
Firewall Configuration (Firewalld)
CentOS 8 uses Firewalld as its default dynamic firewall manager. While iptables can be used, it is being phased out in favor of nftables.
Basic Firewalld Management
# Check Firewalld status
sudo firewall-cmd --state
# Start, stop, and enable auto-start
sudo systemctl start firewalld
sudo systemctl stop firewalld
sudo systemctl enable firewalld
# Reload configuration (preserves active connections)
sudo firewall-cmd --reload
# Restart service (interrupts connections)
sudo systemctl restart firewalld
Common Firewalld Commands
# List allowed services
sudo firewall-cmd --list-services
# List allowed ports
sudo firewall-cmd --list-ports
# View all zone information
sudo firewall-cmd --list-all-zones
# Get the default zone
sudo firewall-cmd --get-default-zone
# Set default zone to 'public'
sudo firewall-cmd --set-default-zone=public
Opening Ports and Services
# Open default SSH port (22)
sudo firewall-cmd --add-service=ssh --permanent
# Open a custom TCP port (e.g., 8080)
sudo firewall-cmd --add-port=8080/tcp --permanent
# Open a range of TCP ports
sudo firewall-cmd --add-port=3000-3010/tcp --permanent
# Remove a port rule
sudo firewall-cmd --remove-port=8080/tcp --permanent
# Reload firewall to apply permanent rules
sudo firewall-cmd --reload
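Note: The --permanent flag writes the rule to the persistent configuration so it survives reboots, but it does not change the running firewall. After adding permanent rules, you must run sudo firewall-cmd --reload or restart the firewalld service for them to take effect.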
Network Configuration and Management
CentOS 8 uses NetworkManager for network connection management.
# List all network connections
nmcli connection show
# Check device status
nmcli device status
# Show detailed device information
nmcli device show
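# Reload all connection profiles from disk (this command takes no connection name)
sudo nmcli connection reload
# Re-activate a specific connection to apply its changes (e.g., eth0)
sudo nmcli connection up eth0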
# Restart NetworkManager service (use with caution)
sudo systemctl restart NetworkManager
System Updates and Language Support
# Update system packages using DNF
sudo dnf update
# Install Chinese language support (fixes terminal display issues)
sudo dnf install -y langpacks-zh_CN glibc-langpack-zh
# Set system locale to Chinese (optional)
sudo localectl set-locale LANG=zh_CN.UTF-8
Security Recommendations
- Keep the system updated: sudo dnf update.
- Change the default SSH port and disable root login.
- Use SSH key-based authentication instead of passwords.
- Configure the firewall to allow only necessary ports.
- Consider using tools like Fail2ban to prevent brute-force attacks.
This guide provides essential steps for SSH setup, firewall management, and basic network operations on CentOS 8. Due to its EOL status, planning a migration to a supported Linux distribution is highly advised.