Skip to Content

Configurations to be enabled in sshd_config

Recommended SSHD settings in /etc/ssh/sshd_config   OpenSSH server config file.

 

Run the below command to display all the enabled settings and accepted key types in SSHD.

[email protected] ~]# sshd -T | grep -i 'AllowTcpForwarding\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|pubkeyacceptedkeytypes'

OR

[email protected] ~]# grep -v '^\s*#' /etc/ssh/sshd_config | grep -i 'AllowTcpForwarding\|PubkeyAuthentication\|PasswordAuthentication\|Match Address\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|key'^ ; sshd -T | grep -i pubkeyacceptedkeytypes

Sample outputs of both above commands:

[email protected] ~]# sshd -T | grep -i 'AllowTcpForwarding\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|pubkeyacceptedkeytypes'

permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes
allowtcpforwarding no
pubkeyacceptedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa

[email protected] ~]# grep -v '^\s*#' /etc/ssh/sshd_config | grep -i 'AllowTcpForwarding\|PubkeyAuthentication\|PasswordAuthentication\|Match Address\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|key'^ ; sshd -T | grep -i pubkeyacceptedkeytypes

PermitRootLogin yes
PubkeyAuthentication yes
AllowTcpForwarding no
Match Address 127.0.0.1
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
pubkeyacceptedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa