How to set up SSH & SFTP on CentOS 8

SSH is an important service for any Linux server, especially when you have to connect remotely to a server that is in the cloud or rented. In this post you will learn how to set up SSH and SFTP.

Step 1

Install SSH and start the service automatically on boot

The command on line 1 installs openssh and openssh-server for the SSH service. Then you set the SSH service to launch automatically on boot (line 2) and give the service permission to pass through the firewall (lines 3 and 4).

 

Step 2

Edit the SSH config file

There are three principles you must follow.
(1) Restart the service after you make changes to the config file.
(2) To verify that a change works, connect to your server with a new connection.
(3) Don’t close the original SSH connection before you have verified that the change is effective.

This is the path of the SSH config file in CentOS. Let’s use vim to edit it.

 

First, I want to explain these options, their values, and their meanings, so that you understand how to set them up and avoid making mistakes.

| Setting option | Accepted values | Meaning |
|---|---|---|
| Port | The default value is 22. | The SSH service port number. If you want to change the service port number, you can read this post. |
| AllowUsers | A user name on this server. | Controls who can log in to the server through the SSH service. |
| PermitRootLogin | yes/no | ‘yes’ means that you permit logging in to the server as root. I recommend setting it to ‘no’ once you have made sure everything works. |
| PasswordAuthentication | yes/no | Whether this server allows login with user passwords. |
| AuthorizedKeysFile | A file path on the server. | This file records the public keys that are allowed to log on to the server. |
| PubkeyAuthentication | yes/no | ‘yes’ means that your server allows login using an SSH key, which is a safer option for your server. |

 

I propose 3 examples for different use cases. You have to find the location of each option in your config file and replace its value with the correct one. Of course, you need to restart the service to apply the changes when you have finished editing.

I recommend using case 1 to check that your SSH service works. If it does, I strongly recommend configuring SSH following case 2. It satisfies almost all operations and is protected by the SSH key as well.

  1. Your server’s power users can log in to the server using passwords.
  2. Your server’s power user is permitted to log in to the server using an SSH key.
  3. Your server’s root and power users are allowed to log in to the server using an SSH key.
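
The script below is an added example, not code from the original post: it audits the global section of an sshd_config file against case 2 and shows why you must replace an option where it already stands rather than append a second line. It assumes case 2 means PubkeyAuthentication yes, PasswordAuthentication no, PermitRootLogin no and AllowUsers set; the function names, the sample file and the user name `poweruser` are made up for illustration, the defaults are upstream OpenSSH's, and Match blocks and Include files are not followed.

```bash
#!/bin/sh
# Added example: audit the global section of an sshd_config against "case 2".
# Assumed meaning of case 2: PubkeyAuthentication yes, PasswordAuthentication no,
# PermitRootLogin no, AllowUsers set.

# Print a keyword's effective value. Keywords are case-insensitive and the first
# occurrence wins, except AllowUsers, whose lines accumulate (4th argument 1).
sshd_value() {  # usage: sshd_value FILE KEYWORD DEFAULT [1]
    awk -v key="$2" -v def="$3" -v all="${4:-0}" '
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }          # global section only
        tolower($1) == tolower(key) && (all || !n) {
            $1 = ""; sub(/^[ \t]+/, ""); val = (n++ ? val " " : "") $0
        }
        END { print (n ? val : def) }
    ' "$1"
}

expect() {  # usage: expect FILE KEYWORD DEFAULT WANTED ; prints a finding on mismatch
    _v=$(sshd_value "$1" "$2" "$3" | tr 'A-Z' 'a-z')
    [ "$_v" = "$4" ] || { echo "FAIL $2 is '$_v', want '$4'"; return 1; }
}

audit_case2() {  # usage: audit_case2 FILE ; returns the number of findings
    fails=0
    expect "$1" PubkeyAuthentication   yes               yes || fails=$((fails+1))
    expect "$1" PasswordAuthentication yes               no  || fails=$((fails+1))
    expect "$1" PermitRootLogin        prohibit-password no  || fails=$((fails+1))
    [ -n "$(sshd_value "$1" AllowUsers "" 1)" ] ||
        { echo "FAIL AllowUsers is not set"; fails=$((fails+1)); }
    return "$fails"
}

# Constructed sample: "PermitRootLogin no" was appended below an earlier "yes".
sample=$(mktemp)
cat > "$sample" <<'EOF'
Port 22
PermitRootLogin yes
passwordauthentication no
PubkeyAuthentication yes
AllowUsers poweruser
# appended later, but the first PermitRootLogin above still wins
PermitRootLogin no
EOF
audit_case2 "$sample" || echo "$? finding(s)"   # FAIL PermitRootLogin is 'yes', want 'no'
rm -f "$sample"
```

`sshd -t` checks the config file's syntax before a restart; this script checks the values instead.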

 

Step 3

How to produce an SSH key

This step is necessary if PubkeyAuthentication is set to ‘yes’. The commands below are based on the Mac terminal. They cover how to produce a key pair and how to copy the key to your server.

ssh-keygen
-f: The file path of the SSH key that you produce.

ssh-copy-id
-i: The SSH key that you want to copy to the server.
PowerUser@ServerIP: Your power user name and server IP. It also means this key will represent this power user.

 

Verify it through your terminal or any SSH client software.
You need to modify the config as in case 2 and restart the SSH service. Don’t close the SSH connection before all of this has been verified.

 

Step 4

Turn on SFTP

This is the simplest part of this post. You only need to find this option in the config file and set it as follows:

Then restart the SSH service and use the FTP client software to connect to your server. Don’t forget to set your SSH key path and the port.

 

Andy Wang
