SSH Access

SSH is the main remote administration path for Linux servers. Operators need to understand both sides: the client connection attempt and the server policy in sshd_config, drop-in snippets, PAM, keys, account state, firewalls, and logs.

Command Examples

sudo systemctl status ssh
sudo sshd -T
grep -R '^[^#]' /etc/ssh/sshd_config /etc/ssh/sshd_config.d 2>/dev/null
journalctl -u ssh -b
ssh -vvv user@example.com

Example output and meaning:

Command | Example output | What it does
sudo systemctl status ssh | Unit load and active state, main PID, and the most recent log lines. | Shows systemd-managed state instead of inferred configuration.
sudo sshd -T | One lowercase "keyword value" line per effective setting. | Prints the effective server configuration after parsing, including defaults.
grep -R '^[^#]' /etc/ssh/sshd_config /etc/ssh/sshd_config.d 2>/dev/null | Each non-blank line that does not start with #, prefixed with the file it came from. | Shows which file explicitly sets each directive.

On Ubuntu, the systemd service is commonly named ssh, even though the daemon binary is sshd.

Server Configuration

OpenSSH reads /etc/ssh/sshd_config and, on modern Ubuntu systems, may also read snippets under /etc/ssh/sshd_config.d/. Use sshd -T to see the effective server configuration after parsing.

Important controls:

  • PasswordAuthentication,
  • PubkeyAuthentication,
  • PermitRootLogin,
  • AllowUsers / AllowGroups,
  • KbdInteractiveAuthentication,
  • AuthorizedKeysFile,
  • Match blocks.

Keys and Host Identity

User keys authenticate users. Host keys authenticate the server to clients. Do not confuse them.

If a server is rebuilt and host keys change, clients may warn about a possible man-in-the-middle attack. Verify the rebuild or key rotation before deleting known_hosts entries.

Account and Permission Checks

SSH can fail even when the network is fine:

  • account locked or expired,
  • shell set to nologin,
  • home directory or .ssh permissions too open,
  • wrong ownership of authorized_keys,
  • user not in an allowed group,
  • PAM denies login,
  • firewall or security group blocks TCP 22,
  • fail2ban or similar tooling blocks the client.

Debugging Flow

  1. From the client, run ssh -vvv.
  2. On the server, watch journalctl -u ssh -f.
  3. Confirm effective config with sshd -T.
  4. Check user existence with getent passwd <user>.
  5. Check account state, groups, shell, home, and .ssh permissions.
  6. Confirm firewall and route before changing authentication policy.
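
For step 5 and the "permissions too open" and "wrong ownership" items above, the following added example (not part of the original page) approximates the ownership and mode test sshd applies to a user's home directory, .ssh, and authorized_keys. It assumes GNU stat and the default key file location; the function names and the user alice are placeholders.

```shell
#!/bin/sh
# Added example: approximates the ownership/mode test sshd applies
# (StrictModes) to a user's home, ~/.ssh and authorized_keys.
# Assumes GNU coreutils stat (-c) and the default AuthorizedKeysFile location.

# check_path PATH EXPECTED_UID -> 0 if acceptable, 1 otherwise (finding on stdout)
check_path() {
    path=$1
    want_uid=$2
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"
        return 1
    fi
    uid=$(stat -L -c %u "$path")     # numeric owner
    mode=$(stat -L -c %a "$path")    # octal permission bits, e.g. 700
    if [ "$uid" != "$want_uid" ] && [ "$uid" != 0 ]; then
        echo "OWNER     $path is owned by uid $uid, expected $want_uid or 0"
        return 1
    fi
    # 022 = write bit for group and for others
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo "WRITABLE  $path has mode $mode (group or world writable)"
        return 1
    fi
    echo "OK        $path ($mode)"
}

# audit_ssh_paths HOME_DIR EXPECTED_UID -> 1 if any path fails
audit_ssh_paths() {
    home=$1
    owner=$2
    rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$owner" || rc=1
    done
    return "$rc"
}

# Run as: sh check.sh /home/alice "$(id -u alice)"   (alice is a placeholder)
if [ "$#" -eq 2 ]; then
    audit_ssh_paths "$1" "$2"
fi
```

If AuthorizedKeysFile points somewhere else in sshd -T output, check that path and its parent directories instead.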

Study Cards

Question

What does sshd -T show?

Answer

The effective OpenSSH server configuration after parsing config files and defaults.

Question

What is the difference between user keys and host keys?

Answer

User keys authenticate users to the server; host keys authenticate the server to clients.

Question

Why watch journalctl -u ssh during login tests?

Answer

Server logs show policy, PAM, key, account, and authentication failures that the client may summarize poorly.
