What is a sshd_config file ?
sshsysadmindevops

What is a sshd_config file ?

Master the essentials of configuring the sshd_config file for secure remote access management.

lalatendu.swain
lalatendu.swainOctober 18, 2025 · 3 min read

Introduction

The sshd_config file is a vital element of the OpenSSH server (sshd), which facilitates secure remote access to systems over a network. As a system administrator or DevOps engineer, understanding how to configure this file effectively is crucial. Proper configuration not only enhances the security of your server but also optimizes performance and tailors functionality to meet your specific operational needs.

What Is the sshd_config File?

The sshd_config file is the primary configuration file for the SSH daemon, which is responsible for managing incoming SSH connections. This file allows you to customize various aspects of SSH behavior, including security settings, authentication methods, and network options.

Why It Matters

  1. Security Configurations: With the increasing prevalence of cyber threats, appropriate SSH configurations can help secure your server from unauthorized access.
  2. Operational Efficiency: Adjusting default settings can enhance connection performance and improve user experience.
  3. Compliance: Organizations handling sensitive data must adhere to security best practices to meet compliance regulations.

How It Works

The sshd_config file operates through a simple structure that consists of key-value pairs. Each line in the file represents a parameter and its corresponding value. Lines that begin with the # character are comments and are ignored by the SSH daemon, as are blank lines.

Configuration Parameters

Here are some essential parameters you can configure:

  • Port: Specifies the port on which the SSH server listens.
  • PermitRootLogin: Determines whether the root user can log in via SSH.
  • PasswordAuthentication: Enables or disables password-based authentication.
  • PubkeyAuthentication: Enables or disables public key authentication.

Prerequisites

Before you begin configuring the sshd_config file, ensure you have the following:

  • Access to a Linux-based system with OpenSSH installed.
  • Sudo privileges to edit system configuration files.
  • A text editor installed (e.g., nano, vim).

Installation & Setup

If OpenSSH is not already installed on your system, you can install it using the following commands based on your distribution:

For Debian/Ubuntu:

sudo apt update
sudo apt install openssh-server

For CentOS/RHEL:

sudo yum install openssh-server

Once installed, the SSH service should start automatically. You can check its status with:

sudo systemctl status sshd

Step-by-Step Guide

  1. Open the sshd_config file: Use a text editor to access the configuration file.

    sudo nano /etc/ssh/sshd_config

  2. Modify the desired parameters: Make changes according to your security requirements. For example:

    # Change the default SSH port
Port 2222

# Disable root login
PermitRootLogin no

# Allow public key authentication
PubkeyAuthentication yes

# Disable password authentication
PasswordAuthentication no

# Permit only specific users
AllowUsers admin1 admin2

  3. Save and exit the editor: If you are using nano, press CTRL + X, then Y, and hit Enter.

  4. Test the configuration: Ensure there are no syntax errors in your changes.

    sudo sshd -t

  5. Reload the SSH service: Apply the changes you made.

    sudo systemctl restart sshd

Real-World Examples

Example 1: Basic Configuration

Here’s a straightforward example of a sshd_config file:

# The default port for sshd
Port 22

# Disable root login via SSH
PermitRootLogin no

# Allow public key authentication
PubkeyAuthentication yes

# Disable password authentication
PasswordAuthentication no

# Permit only specific users
AllowUsers admin1 admin2

Example 2: Securing SSH

To enhance security by changing the default port and disabling root login, you can modify the sshd_config as follows:

# Change the default SSH port
Port 2222

# Disable root login
PermitRootLogin no

# Ensure only public key authentication is allowed
PasswordAuthentication no

Best Practices

  • Change the default SSH port: This can help reduce automated attacks.
  • Disable root login: Use a standard user account with sudo privileges instead.
  • Use public key authentication: This is more secure than password-based authentication.
  • Limit user access: Use the AllowUsers directive to specify which users can connect.
  • Use strong passwords: If you must use password authentication, ensure they are complex and unique.
  • Regularly update OpenSSH: Keep your software up-to-date to protect against vulnerabilities.
  • Implement fail2ban: This can help mitigate brute-force attacks by banning IPs after a number of failed login attempts.

Common Issues & Fixes

Issue Cause Fix
SSH connection refused SSH service not running Start the SSH service: sudo systemctl start sshd
Permission denied for user User not in AllowUsers list Add user to AllowUsers in sshd_config
Changes not taking effect SSH service not reloaded Reload SSH service: sudo systemctl restart sshd
Syntax error in configuration Incorrect parameter or value Test configuration: sudo sshd -t and correct errors

Key Takeaways

  • The sshd_config file is essential for configuring the SSH daemon.
  • Proper configuration enhances security and operational efficiency.
  • Key parameters include Port, PermitRootLogin, and authentication methods.
  • Always test your configuration before applying changes.
  • Follow best practices to maintain a secure SSH environment.

Responses

Sign in to leave a response.

Loading…

— More from lalatendu.swain

The Code Auditor That Never Sleeps: What Anthropic's Glasswing Project Tells Us About the Next Decade of Cybersecurity

10 min read

Understanding Zero Trust: The Future of Cybersecurity Frameworks

9 min read

The Day I Stopped Fighting My Tools

4 min read

Ensuring Proper Tagging of AWS AMIs and Snapshots in Your Automation Scripts

3 min read