Configurations to be enabled in sshd_config
Recommended sshd settings in the OpenSSH server configuration file, /etc/ssh/sshd_config.
Run the command below to display the settings currently in effect and the public-key types that sshd accepts.
root@gateway ~]# sshd -T | grep -i 'AllowTcpForwarding\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|pubkeyacceptedkeytypes'
OR
root@gateway ~]# grep -v '^\s*#' /etc/ssh/sshd_config | grep -i 'AllowTcpForwarding\|PubkeyAuthentication\|PasswordAuthentication\|Match Address\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|key'^ ; sshd -T | grep -i pubkeyacceptedkeytypes
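Sample output of both commands above. Note that `sshd -T` prints the effective global settings; directives under a `Match` block (here `Match Address 127.0.0.1`) are applied only when matching connection parameters are supplied with `-C`. In this sample, `permitrootlogin yes` and `passwordauthentication yes` are in effect globally, so unless restricted elsewhere they apply to connections from any address, not only from 127.0.0.1.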
root@gateway ~]# sshd -T | grep -i 'AllowTcpForwarding\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|pubkeyacceptedkeytypes'
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes
allowtcpforwarding no
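pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa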
root@gateway ~]# grep -v '^\s*#' /etc/ssh/sshd_config | grep -i 'AllowTcpForwarding\|PubkeyAuthentication\|PasswordAuthentication\|Match Address\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|key'^ ; sshd -T | grep -i pubkeyacceptedkeytypes
PermitRootLogin yes
PubkeyAuthentication yes
AllowTcpForwarding no
Match Address 127.0.0.1
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
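pubkeyacceptedkeytypes ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa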