# /etc/ssh/sshd\_config The `/etc/ssh/sshd_config` file is a critical configuration file for the SSH daemon (`sshd`) on Linux systems. It defines various parameters and settings that govern the behavior of the SSH server, including authentication methods, access controls, and SSH protocol options. ### Overview of `/etc/ssh/sshd_config` #### Purpose The primary purpose of `/etc/ssh/sshd_config` is to configure the SSH server (`sshd`) to: * Securely authenticate users and hosts. * Define access policies and restrictions. * Specify SSH protocol settings. * Configure logging and other operational behaviors. ### Key Configuration Directives 1. **Port** Specifies the port number on which `sshd` listens for incoming SSH connections: ```plaintext Port 22 ``` 2. **Protocol** Specifies the SSH protocol versions allowed: ```plaintext Protocol 2 ``` 3. **HostKeys** Specifies the location of host key files used for server authentication: ```plaintext HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ed25519_key ``` 4. **Authentication** Configures authentication methods allowed for user authentication: ```plaintext # Enable public key authentication PubkeyAuthentication yes # Disable password authentication PasswordAuthentication no # Allow root login with password PermitRootLogin yes ``` 5. **Logging** Configures logging settings for SSH server activity: ```plaintext # Log level (INFO, VERBOSE, DEBUG, etc.) LogLevel INFO # Log SSH daemon activities SyslogFacility AUTH ``` 6. **Access Controls** Defines access rules and restrictions for SSH connections: ```plaintext # Allow users from specific groups AllowGroups sshusers # Deny users from specific groups DenyGroups root # Allow specific users AllowUsers user1 user2 # Deny specific users DenyUsers user3 ``` 7. **Other Settings** There are numerous other settings that can be configured in `sshd_config` depending on specific security and operational requirements, including: * TCPKeepAlive * UseDNS * PermitEmptyPasswords * MaxAuthTries * X11Forwarding * Match directives for conditional configurations ### Example `sshd_config` Here's an example of a basic `sshd_config` file with some common configurations: ```plaintext # Port to listen on Port 22 # Protocol versions to use Protocol 2 # Host keys HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ed25519_key # Authentication methods PubkeyAuthentication yes PasswordAuthentication no # Logging LogLevel INFO SyslogFacility AUTH # Access controls AllowGroups sshusers DenyGroups root AllowUsers user1 user2 DenyUsers user3 ``` ### Applying Changes After making changes to `/etc/ssh/sshd_config`, it's important to restart the SSH daemon (`sshd`) to apply the new configuration: ```bash sudo systemctl restart sshd ``` ### Security Considerations * Always use strong authentication methods like public key authentication (`PubkeyAuthentication yes`) and disable weak methods like password authentication (`PasswordAuthentication no`) where possible. * Regularly review and update `sshd_config` to adhere to security best practices and organizational policies. ### Conclusion `/etc/ssh/sshd_config` is a critical file for configuring the SSH server (`sshd`) on Linux systems. Proper configuration of this file ensures secure and efficient SSH connections, while also enhancing overall system security.