sshd_config
config securityOpenSSH server configuration
/etc/ssh/sshd_config
Required Packages
sudo apt install -y openssh-server Network
SSH listening port
Bind to specific address (empty = all interfaces)
Authentication
Keyboard-interactive authentication (PAM etc.)
Enable PAM authentication
Path to authorized keys file
Max authentication attempts per connection (default: 6)
Seconds to authenticate before disconnect (default: 120)
Access Control
Space-separated list of allowed users (empty = all users)
Space-separated list of allowed groups
Max concurrent sessions per connection (default: 10)
Rate limit unauthenticated connections: start:rate:full (default: 10:30:100)
Session
Seconds between keepalive messages (0 = disabled, default: 0)
Max keepalive failures before disconnect (default: 3)
Logging
Reverse DNS lookup on connecting clients (slows login)
Miscellaneous
Subsystem sftp /usr/lib/openssh/sftp-server
Display a banner before authentication
Generated Config — /etc/ssh/sshd_config
# OpenSSH server configuration # Apply with: sudo systemctl restart sshd Port 22 AddressFamily any # Authentication PermitRootLogin no PubkeyAuthentication yes AuthorizedKeysFile .ssh/authorized_keys PasswordAuthentication no PermitEmptyPasswords no KbdInteractiveAuthentication no UsePAM yes MaxAuthTries 3 LoginGraceTime 60 # Access Control MaxSessions 10 MaxStartups 10:30:60 # Session ClientAliveInterval 300 ClientAliveCountMax 3 X11Forwarding no AllowTcpForwarding yes AllowAgentForwarding yes # Logging LogLevel INFO UseDNS no PrintMotd no # SFTP Subsystem sftp /usr/lib/openssh/sftp-server