How to check and validate SSH server's configuration

Correct configuration of your SSHD server is vital to ensure secure and uninterrupted access. A single mistake in the sshd_config file can prevent the SSHD service from starting. This can lead to being locked out, especially when making changes remotely. Therefore, it's important to check the configuration before applying any changes.

Fortunately, SSHD provides a built-in command to test the validity of the sshd_config file. This tool allows you to identify and correct errors before they cause service disruptions. By using this command, you can ensure the configuration is correct without risking service downtime.

Testing the configuration before restarting the SSHD service is a simple yet crucial step. It ensures that your changes won’t cause any issues, maintaining the stability and accessibility of your server.

Steps to check and validate sshd configuration:

Open the terminal application on your server.
Access the sshd_config file with your preferred text editor.
```
$ sudo vi /etc/ssh/sshd_config
[sudo] password for user:
```

Make any necessary changes to the configuration file and save your edits.

# Example of overriding settings on a per-user basis
#Match User anoncvs
#       X11Forwarding no
#       AllowTcpForwarding no
#       PermitTTY no
#       ForceCommand cvs server
PrintMotd not

Test the validity of the sshd_config file with sshd.

$ sudo sshd -t
/etc/ssh/sshd_config line 124: unsupported option "not".

-t      Test mode.  Only check the validity of the
        configuration file and sanity of the keys.
        This is useful for updating sshd reliably as
        configuration options may change.

Use -f option to test alternate configuration file.

$ sudo sshd -t -f /etc/ssh/sshd_config_test

Review any error messages that are displayed and correct the errors in the sshd_config file.
Retest the configuration after making corrections.
```
$ sudo sshd -t
$
```
Once there are no errors, restart the SSHD service to apply the changes.
```
$ sudo systemctl restart sshd
```
Related: How to start, restart, and stop the SSH server service

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.

Discuss the article:

Comment anonymously. Login not required.