Viewing the SSH server configuration clarifies how remote access is secured, which authentication methods are allowed, and which network interfaces accept connections. Understanding the configuration reduces the chance of unexpected logins, port exposure, or policy drift between servers.

The main configuration for an OpenSSH server is read from /etc/ssh/sshd_config, along with any files referenced through Include directives. Effective behavior is a combination of explicit settings in this file and built-in defaults, so examining both the file and the resolved configuration is important for accurate troubleshooting.

Misconfigured directives in /etc/ssh/sshd_config can prevent sshd from starting or block new connections. Configuration inspection is safest when done with read-only tools such as less or cat and with a second active session or console access available before any edits or restarts are attempted.

Related: How to check and validate the SSH server configuration
Related: How to configure the log level for an SSH server
Related: How to start, restart, and stop the SSH server service

Steps to show SSH server configuration:

  1. Open a terminal on the Linux server with sudo privileges. 
    $ whoami
user
  2. Confirm presence and permissions of the primary SSH server configuration file at /etc/ssh/sshd_config. 
    $ ls -l /etc/ssh/sshd_config
-rw-r--r-- 1 root root 3543 Dec 29 02:44 /etc/ssh/sshd_config

    Changing ownership or permissions of /etc/ssh/sshd_config can expose credentials or prevent sshd from reading its configuration, which may block new SSH connections.

  3. View the raw SSH server configuration with a pager for scrolling and search. 
    $ sudo less /etc/ssh/sshd_config
# This is the sshd server system-wide configuration file.  See
# sshd_config(5) for more information.
##### snipped #####

    less provides safe, read-only inspection while keeping the file closed to accidental modifications.

  4. Display only active configuration directives by hiding commented and empty lines. 
    $ sudo grep --extended-regexp --invert-match '^#|^$' /etc/ssh/sshd_config
Include /etc/ssh/sshd_config.d/*.conf
KbdInteractiveAuthentication no
UsePAM yes
X11Forwarding yes
PrintMotd no
AcceptEnv LANG LC_*
Subsystem	sftp	/usr/lib/openssh/sftp-server
PubkeyAuthentication yes

    Filtering commented and blank lines helps focus on effective configuration values that may override defaults.

  5. Show the fully resolved SSH server configuration as parsed by sshd, including defaults and any included files. 
    $ sudo sshd -T
port 22
addressfamily any
listenaddress [::]:22
listenaddress 0.0.0.0:22
usepam yes
pubkeyauthentication yes
passwordauthentication yes
kbdinteractiveauthentication no
##### snipped #####

    sshd -T reveals the final configuration that actually applies at runtime, including values not explicitly set in /etc/ssh/sshd_config.

  6. Inspect specific critical directives in the resolved configuration, such as listening port and authentication settings. 
    $ sudo sshd -T | grep --extended-regexp '^(port|addressfamily|listenaddress|passwordauthentication|pubkeyauthentication)'
port 22
addressfamily any
listenaddress [::]:22
listenaddress 0.0.0.0:22
pubkeyauthentication yes
passwordauthentication yes

    Targeted filtering highlights security-sensitive options like PasswordAuthentication and PubkeyAuthentication for quick review.

  7. Verify that the SSH service is running with the configuration and is in an active state. 
    $ sudo systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/usr/lib/systemd/system/ssh.service; enabled; preset: enabled)
     Active: active (running) since Mon 2025-12-29 02:48:37 UTC; 7s ago
##### snipped #####

    Some distributions name the unit sshd.service instead of ssh.service, and the same status check applies to either name.