How to verify the validity of an SSH server's configuration

Ensuring the correct configuration of your SSH server is crucial. A misconfiguration can prevent the SSHd service from starting, potentially locking you out if you're editing the sshd_config file remotely. To avoid this, it's essential to verify the configuration before restarting the service.

Fortunately, SSHd provides a built-in option to test the configuration. This option checks the validity of the SSH server configuration file without applying the changes. If errors are detected, they will be displayed, allowing you to rectify them before restarting the service.

1. Open terminal application.
2. Open your sshd_config file using your preferred text editor.

   $ sudo vi /etc/ssh/sshd_config
   [sudo] password for user:

3. Make changes, save and exit editor.

   # Example of overriding settings on a per-user basis
   #Match User anoncvs
   #       X11Forwarding no
   #       AllowTcpForwarding no
   #       PermitTTY no
   #       ForceCommand cvs server
   PrintMotd not

4. Validate the configuration file syntax with sshd.

   $ sudo sshd -t
   /etc/ssh/sshd_config line 124: unsupported option "not".

   -t      Test mode.  Only check the validity of the
           configuration file and sanity of the keys.
           This is useful for updating sshd reliably as
           configuration options may change.

   Use -f option to test alternate configuration file.

   $ sudo sshd -t -f /etc/ssh/sshd_config_test

5. Correct errors in the sshd_config file and retest.

   $ sudo sshd -t
   $

6. Restart the SSHd service to apply the changes once no errors are detected.

   $ sudo systemctl restart sshd

   Related: How to start, restart, and stop the SSH server service