bashANYsshsshdconfig-test
bash
sshd -tValidate sshd_config syntax before restart.
OpenSSH Server Admin Cheat Sheet
sshd administration, config validation, systemd control, logging, hardening, authorized keys, and certificates.
Export
Copy the compact sheet, download it, or print it.
Download
`D` dense toggle · `C` copy all
sshd Basics
Test, inspect, and manage the OpenSSH server.
bashANYsshsshdinspect
bash
sshd -TDump effective server configuration values.
bashANYsshsshdmatch
bash
sshd -T -C user=deploy,host=server.example.com,addr=203.0.113.10Evaluate Match blocks for a chosen user and source address.
bashANYsshsshdsystemd
bash
sudo systemctl restart sshdRestart the SSH daemon on systemd-based Linux hosts.
bashANYsshsshdsystemd
bash
sudo systemctl status sshdInspect the daemon status on systemd-based hosts.
bashANYsshsshdlogs
bash
sudo journalctl -u sshd -fFollow SSH daemon logs via journald.
Run sshd in debug foreground mode
Start a test daemon without detaching, useful for troubleshooting.
bashANYsshsshddebug
bash
sudo /usr/sbin/sshd -D -d -p 2222Start a test daemon without detaching, useful for troubleshooting.
sshd_config Patterns
Common server hardening and auth settings.
sshdconfigANYsshsshdhardening
sshdconfig
PasswordAuthentication noRequire key-based authentication on the server.
sshdconfigANYsshsshdhardening
sshdconfig
PermitRootLogin noPrevent direct root SSH sessions.
sshdconfigANYsshsshdaccess-control
sshdconfig
AllowUsers deploy opsRestrict which user accounts may log in.
sshdconfigANYsshsshdaccess-control
sshdconfig
AllowGroups sshusers adminsRestrict logins to group members.
sshdconfigANYsshsshdauthentication
sshdconfig
PubkeyAuthentication yesEnsure public key authentication is on.
sshdconfigANYsshsshdauthorized-keys
sshdconfig
AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2Point to one or more authorized_keys paths.
sshdconfigANYsshsshdauthentication
sshdconfig
KbdInteractiveAuthentication noTurn off interactive password-style auth methods.
sshdconfigANYsshsshdkeepalive
sshdconfig
ClientAliveInterval 60
ClientAliveCountMax 3Drop dead sessions after missed keepalive responses.
sshdconfigANYsshsshdmatchsftp
sshdconfig
Match Group sftpusers
ChrootDirectory /srv/sftp/%u
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding noApply options only to members of a specific group.
Server Keys and Certificates
Host keys, CAs, and host certificates.
bashANYsshsshdhostkey
bash
sudo ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N ''Create an Ed25519 host key for sshd.
bashANYsshcertificateca
bash
ssh-keygen -t ed25519 -f ~/.ssh/ca_user -C 'user CA'Create a key pair for signing user certificates.
bashANYsshcertificateuser
bash
ssh-keygen -s ~/.ssh/ca_user -I alice@example.com -n alice -V +52w ~/.ssh/id_ed25519.pubCreate a short-lived user certificate from a CA.
sshdconfigANYsshcertificatesshd
sshdconfig
TrustedUserCAKeys /etc/ssh/trusted_user_ca_keys.pubAllow user certificates signed by a trusted CA.
textANYsshcertificateknown-hosts
text
@cert-authority *.example.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAI...Trust host certificates signed by a CA.
More in SSH
SSH Tunnels and Forwarding Cheat Sheet
Local, remote, and dynamic SSH forwarding with practical database, web, and bastion tunnel recipes.
SCP and SFTP Cheat Sheet
SSH-based file transfer with scp and sftp, including recursive copies, jump hosts, interactive commands, and batch mode.
SSH Keys and Agent Cheat Sheet
SSH key generation, authorized_keys management, ssh-keyscan, host keys, ssh-agent, ssh-add, and certificate basics.
SSH Config Cheat Sheet
Client-side SSH configuration examples for aliases, defaults, patterns, includes, ProxyJump, multiplexing, and effective config inspection.
SSH Cheat Sheet
Comprehensive SSH client commands for login, remote execution, auth, multiplexing, jump hosts, and practical options.