Comment by drpixie
3 months ago
There is a nice sshd option (-T) that tells you what it's really doing. Just run
sudo sshd -T | grep password
Except that doesn't tell you what it's doing, that tells you what it _might_ do, if you (re)start the server.
sshd -T reads the configuration file and prints information. It doesn't print what the server's currently-running configuration is: https://joshua.hu/sshd-backdoor-and-configuration-parsing
That's why I only use socket-activated per-connection instances of sshd.
Every configuration change immediately applies to every new connection - no need to restart the service!
socket-activated per-connection instances
Yay, they reinvented inetd too!
Yes. Run this as a validation step during base OS image creation, if such an image is intended to start a system with sshd. That way you can verify that the distro you use did not pull the carpet from under your feet by changing something in the base sshd config that you implicitly rely on.
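An added example, written for this thread rather than posted by any commenter: a POSIX sh check in the spirit of the validation step above, comparing `sshd -T` output against an image-build policy. The function name `check_sshd_effective`, the policy values and the sample `sshd -T` output are assumptions constructed for this example.

```shell
# Added example (not from the thread): assert that effective sshd settings meet
# an image-build policy. `sshd -T` prints one "key value" line per option as the
# daemon WILL use it on (re)start, which is the state an image build must check.
check_sshd_effective() {
    # $1: policy, lines of "Key value"; stdin: `sshd -T` output.
    # Prints one line per violation; exit status 1 if any, else 0.
    awk -v expected="$1" '
        BEGIN {
            n = split(expected, lines, "\n")
            for (i = 1; i <= n; i++) {
                if (lines[i] == "") continue
                split(lines[i], kv, " ")
                want[tolower(kv[1])] = tolower(kv[2])
            }
        }
        NF >= 2 { got[tolower($1)] = tolower($2) }   # first value token only
        END {
            bad = 0
            for (k in want) {
                if (!(k in got)) {
                    print "MISSING " k " (want " want[k] ")"; bad = 1
                } else if (got[k] != want[k]) {
                    print "MISMATCH " k "=" got[k] " (want " want[k] ")"; bad = 1
                }
            }
            exit bad
        }'
}

# Policy the image must satisfy (illustrative values chosen for this example).
SSHD_POLICY='PasswordAuthentication no
KbdInteractiveAuthentication no
PermitRootLogin no
PubkeyAuthentication yes'

# Constructed stand-in for `sshd -T` output so the demo runs offline.
SAMPLE_SSHD_T='port 22
passwordauthentication yes
permitrootlogin prohibit-password
kbdinteractiveauthentication no
pubkeyauthentication yes'

# Stand-alone demo. In the image build, replace the printf with the real daemon:
#   sudo sshd -T | check_sshd_effective "$SSHD_POLICY" || exit 1
# (add `-C user=...,host=...,addr=...` to evaluate Match blocks for a client).
if printf '%s\n' "$SAMPLE_SSHD_T" | check_sshd_effective "$SSHD_POLICY"; then
    echo "sshd effective config matches policy"
else
    echo "sshd effective config violates policy" >&2
fi
```

As the thread notes, this validates the configuration the daemon would load on (re)start, not a running daemon's state, which is exactly what an unbooted image needs.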