Correct configuration of your SSHD server is vital to ensure secure and uninterrupted access. A single mistake in the sshd_config file can prevent the SSHD service from starting. This can lead to being locked out, especially when making changes remotely. Therefore, it's important to check the configuration before applying any changes.
Fortunately, SSHD provides a built-in command to test the validity of the sshd_config file. This tool allows you to identify and correct errors before they cause service disruptions. By using this command, you can ensure the configuration is correct without risking service downtime.
Testing the configuration before restarting the SSHD service is a simple yet crucial step. It ensures that your changes won’t cause any issues, maintaining the stability and accessibility of your server.
Steps to check and validate sshd configuration:
- Open the terminal application on your server.
- Access the sshd_config file with your preferred text editor.
$ sudo vi /etc/ssh/sshd_config [sudo] password for user:
- Make any necessary changes to the configuration file and save your edits.
# Example of overriding settings on a per-user basis #Match User anoncvs # X11Forwarding no # AllowTcpForwarding no # PermitTTY no # ForceCommand cvs server PrintMotd not
- Test the validity of the sshd_config file with sshd.
$ sudo sshd -t /etc/ssh/sshd_config line 124: unsupported option "not".
-t Test mode. Only check the validity of the configuration file and sanity of the keys. This is useful for updating sshd reliably as configuration options may change.
Use -f option to test alternate configuration file.
$ sudo sshd -t -f /etc/ssh/sshd_config_test
- Review any error messages that are displayed and correct the errors in the sshd_config file.
- Retest the configuration after making corrections.
$ sudo sshd -t $
- Once there are no errors, restart the SSHD service to apply the changes.
$ sudo systemctl restart sshd
Mohd Shakir Zakaria is an experienced cloud architect with a strong development and open-source advocacy background. He boasts multiple certifications in AWS, Red Hat, VMware, ITIL, and Linux, underscoring his expertise in cloud architecture and system administration.
Comment anonymously. Login not required.