/etc/ssh/sshd_config
The /etc/ssh/sshd_config file is a critical configuration file for the SSH daemon (sshd) on Linux systems. It defines various parameters and settings that govern the behavior of the SSH server, including authentication methods, access controls, and SSH protocol options.
Overview of /etc/ssh/sshd_config
Purpose
The primary purpose of /etc/ssh/sshd_config is to configure the SSH server (sshd) to:
Securely authenticate users and hosts.
Define access policies and restrictions.
Specify SSH protocol settings.
Configure logging and other operational behaviors.
Key Configuration Directives
Port
Specifies the port number on which sshd listens for incoming SSH connections:
Port 22
Protocol
Specifies the SSH protocol versions allowed:
Protocol 2
HostKeys
Specifies the location of host key files used for server authentication:
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
Authentication
Configures authentication methods allowed for user authentication:
# Enable public key authentication
PubkeyAuthentication yes
# Disable password authentication
PasswordAuthentication no
# Allow root login (yes permits every enabled method, including password)
PermitRootLogin yes
Logging
Configures logging settings for SSH server activity:
# Log level (INFO, VERBOSE, DEBUG, etc.)
LogLevel INFO
# Syslog facility used for SSH daemon messages
SyslogFacility AUTH
Access Controls
Defines access rules and restrictions for SSH connections:
# Allow users from specific groups
AllowGroups sshusers
# Deny users from specific groups
DenyGroups root
# Allow specific users
AllowUsers user1 user2
# Deny specific users
DenyUsers user3
Other Settings
There are numerous other settings that can be configured in sshd_config depending on specific security and operational requirements, including:
TCPKeepAlive
UseDNS
PermitEmptyPasswords
MaxAuthTries
X11Forwarding
Match directives for conditional configurations
Example sshd_config
Here's an example of a basic sshd_config file with some common configurations:
# Port to listen on
Port 22
# Protocol versions to use
Protocol 2
# Host keys
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
# Authentication methods
PubkeyAuthentication yes
PasswordAuthentication no
# Logging
LogLevel INFO
SyslogFacility AUTH
# Access controls
AllowGroups sshusers
DenyGroups root
AllowUsers user1 user2
DenyUsers user3
Applying Changes
After making changes to /etc/ssh/sshd_config, it's important to restart the SSH daemon (sshd) to apply the new configuration:
sudo systemctl restart sshd
Security Considerations
Always use strong authentication methods like public key authentication (PubkeyAuthentication yes) and disable weak methods like password authentication (PasswordAuthentication no) where possible.
Regularly review and update sshd_config to adhere to security best practices and organizational policies.
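One way to automate that review for the directives covered on this page, as an added example that is not part of the original page. The names audit_sshd and sample_config, the sample configuration and the MaxAuthTries limit of 4 are assumptions made for illustration. The check follows sshd's rule that the first value read for a keyword is the one used.

```shell
# Added example: audit_sshd and sample_config are hypothetical helpers.
# Reads sshd_config text (or `sshd -T` output) on stdin. Assumes "Keyword value"
# lines; Include files are not followed, Match blocks are reported, not audited.
audit_sshd() {
  awk '
    function check(key, weak, why) {
      if ((key in seen) && seen[key] ~ weak) {
        printf "WEAK %s=%s: %s\n", key, seen[key], why
        bad++
      }
    }
    NF == 0 || $1 ~ /^#/ { next }          # blank lines and comments
    tolower($1) == "match" {                # conditional blocks start here
      print "NOTE Match block present: review conditional settings separately"
      exit                                  # jumps to END
    }
    {
      key = tolower($1)                     # keywords are case-insensitive
      if (!(key in seen)) seen[key] = tolower($2)  # sshd keeps the first value
    }
    END {
      # OpenSSH allows password authentication when the keyword is absent
      if (!("passwordauthentication" in seen)) seen["passwordauthentication"] = "yes"
      check("permitrootlogin", "^yes$", "root can log in directly")
      check("passwordauthentication", "^yes$", "password logins are enabled")
      check("permitemptypasswords", "^yes$", "empty passwords are accepted")
      # Limit of 4 is an assumed policy value, not taken from the page
      if (("maxauthtries" in seen) && seen["maxauthtries"] + 0 > 4) {
        printf "WEAK maxauthtries=%s: more than 4 tries per connection\n", seen["maxauthtries"]
        bad++
      }
      exit (bad > 0)
    }
  '
}

# Constructed sample: duplicate keyword (first wins) and a Match block
sample_config() {
  cat <<'EOF'
PasswordAuthentication no
permitrootlogin yes
PermitRootLogin no
MaxAuthTries 6
Match Group sshusers
    PasswordAuthentication yes
EOF
}

sample_config | audit_sshd || echo "Findings listed above"
```

On a live host, sudo sshd -T | audit_sshd audits the effective configuration with defaults filled in, and sudo sshd -t checks the file for syntax errors before the daemon is restarted.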
Conclusion
/etc/ssh/sshd_config is a critical file for configuring the SSH server (sshd) on Linux systems. Proper configuration of this file ensures secure and efficient SSH connections, while also enhancing overall system security.