How to view SSH server configuration

Viewing the SSH server configuration clarifies how remote access is secured, which authentication methods are allowed, and which network interfaces accept connections. Understanding the configuration reduces the chance of unexpected logins, port exposure, or policy drift between servers.

The main configuration for an OpenSSH server is read from /etc/ssh/sshd_config, along with any files referenced through Include directives. Effective behavior is a combination of explicit settings in this file and built-in defaults, so examining both the file and the resolved configuration is important for accurate troubleshooting.

Misconfigured directives in /etc/ssh/sshd_config can prevent sshd from starting or block new connections. Configuration inspection is safest when done with read-only tools such as less or cat and with a second active session or console access available before any edits or restarts are attempted.

1. Open a terminal on the Linux server with sudo privileges.

   $ whoami
   user

2. Confirm presence and permissions of the primary SSH server configuration file at /etc/ssh/sshd_config.

   $ ls -l /etc/ssh/sshd_config
   -rw------- 1 root root 3385 Oct 10 09:12 /etc/ssh/sshd_config

   Changing ownership or permissions of /etc/ssh/sshd_config can expose credentials or prevent sshd from reading its configuration, which may block new SSH connections.

3. View the raw SSH server configuration with a pager for scrolling and search.

   $ sudo less /etc/ssh/sshd_config
   #       $OpenBSD: sshd_config,v 1.104 2021/07/02 05:11:21 dtucker Exp $
   #
   # This is the sshd server system-wide configuration file.
   ##### snipped #####

   less provides safe, read-only inspection while keeping the file closed to accidental modifications.

4. Display only active configuration directives by hiding commented and empty lines.

   $ sudo grep --extended-regexp --invert-match '^#|^$' /etc/ssh/sshd_config
   Port 22
   Protocol 2
   AddressFamily any
   ListenAddress 0.0.0.0
   ListenAddress ::
   PasswordAuthentication no
   PubkeyAuthentication yes
   ##### snipped #####

   Filtering commented and blank lines helps focus on effective configuration values that may override defaults.

5. Show the fully resolved SSH server configuration as parsed by sshd, including defaults and any included files.

   $ sudo sshd -T
   port 22
   addressfamily any
   listenaddress 0.0.0.0
   listenaddress ::
   protocol 2
   pubkeyauthentication yes
   passwordauthentication no
   challengeResponseAuthentication no
   usepam yes
   ##### snipped #####

   sshd -T reveals the final configuration that actually applies at runtime, including values not explicitly set in /etc/ssh/sshd_config.

6. Inspect specific critical directives in the resolved configuration, such as listening port and authentication settings.

   $ sudo sshd -T | grep --extended-regexp '^(port|addressfamily|listenaddress|passwordauthentication|pubkeyauthentication)'
   port 22
   addressfamily any
   listenaddress 0.0.0.0
   listenaddress ::
   pubkeyauthentication yes
   passwordauthentication no

   Targeted filtering highlights security-sensitive options like PasswordAuthentication and PubkeyAuthentication for quick review.

7. Verify that the SSH service is running with the configuration and is in an active state.

   $ sudo systemctl status ssh
   ● ssh.service - OpenBSD Secure Shell server
        Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
        Active: active (running) since Thu 2025-12-11 10:15:01 UTC; 5min ago
   ##### snipped #####

   Some distributions name the unit sshd.service instead of ssh.service, and the same status check applies to either name.