Configurations to be enabled in sshd_config
Recommended SSHD settings in the /etc/ssh/sshd_config OpenSSH server configuration file.
Overview: This article covers recommended SSHD settings in /etc/ssh/sshd_config and shows how to check the active configuration and the accepted key types on the server.
Run the command below to display the enabled settings and accepted key types in SSHD.
[root@gateway ~]# sshd -T | grep -i 'AllowTcpForwarding\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|pubkeyacceptedkeytypes'
OR
[root@gateway ~]# grep -v '^\s*#' /etc/ssh/sshd_config | grep -i 'AllowTcpForwarding\|PubkeyAuthentication\|PasswordAuthentication\|Match Address\|PermitRootLogin\|key' ; sshd -T | grep -i pubkeyacceptedkeytypes
Sample output of both commands:
[root@gateway ~]# sshd -T | grep -i 'AllowTcpForwarding\|PermitRootLogin\|PubkeyAuthentication\|PasswordAuthentication\|pubkeyacceptedkeytypes'
permitrootlogin yes
pubkeyauthentication yes
passwordauthentication yes
allowtcpforwarding no
pubkeyacceptedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
[root@gateway ~]# grep -v '^\s*#' /etc/ssh/sshd_config | grep -i 'AllowTcpForwarding\|PubkeyAuthentication\|PasswordAuthentication\|Match Address\|PermitRootLogin\|key' ; sshd -T | grep -i pubkeyacceptedkeytypes
PermitRootLogin yes
PubkeyAuthentication yes
AllowTcpForwarding no
Match Address 127.0.0.1
PermitRootLogin yes
PubkeyAuthentication yes
PasswordAuthentication yes
pubkeyacceptedkeytypes [email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],[email protected],ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,[email protected],ssh-ed25519,[email protected],rsa-sha2-512,rsa-sha2-256,ssh-rsa
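The grep output above lists global directives and those under Match Address 127.0.0.1 in one flat run, so the scope of each line has to be read from its position. The script below is an added example, not part of the original article: it tags every checked directive with its scope. The function names sshd_scopes and sample_config are hypothetical, and the sample input is constructed from the output shown above.

```shell
#!/bin/sh
# Added example: label sshd_config directives with the scope they apply to.
# A Match block runs until the next Match line or the end of the file.
# Limitation: Include directives are not followed.

# sshd_scopes: reads sshd_config text on stdin and prints
# "[scope] keyword value" for the four directives the article checks.
sshd_scopes() {
    awk '
        BEGIN { scope = "global" }
        /^[ \t]*#/ { next }                     # comment lines
        /^[ \t]*$/ { next }                     # blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
            # keyword and arguments may be separated by blanks or by "="
            key = line; sub(/[ \t=].*$/, "", key); key = tolower(key)
            val = line; sub(/^[^ \t=]+[ \t]*=?[ \t]*/, "", val)
            if (key == "match") { scope = "Match " val; next }
            if (key ~ /^(permitrootlogin|pubkeyauthentication|passwordauthentication|allowtcpforwarding)$/)
                printf "[%s] %s %s\n", scope, key, tolower(val)
        }'
}

# Constructed sample, modelled on the grep output shown in the article.
sample_config() {
    cat <<'EOF'
# constructed sshd_config fragment
PermitRootLogin yes
PubkeyAuthentication yes
AllowTcpForwarding no

Match Address 127.0.0.1
    PermitRootLogin yes
    PubkeyAuthentication yes
    PasswordAuthentication yes
EOF
}

sample_config | sshd_scopes
```

On a live server, run sshd_scopes < /etc/ssh/sshd_config. To see the effective values for a connection that falls under the Match block, sshd -T -C user=root,host=localhost,addr=127.0.0.1 evaluates the configuration for that connection.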