$ Linux One Liners
Back to commands

Cybersecurity Triage

Read-only, sensitive output

Check Key SSH Authentication Settings

You need to read important SSH daemon authentication settings.

Command

grep -nE '^(PasswordAuthentication|PermitRootLogin|PubkeyAuthentication|AllowUsers)' etc/ssh/sshd_config

Before you run this

System impact: Read-only. Output may expose users, paths, tokens, keys, IPs, process arguments, or log details.

When not to use it: Do not reload SSH from this output alone; validate full config syntax in real systems.

Expected output

Line-numbered SSH authentication settings.

System impact

Read-only, sensitive output. Nothing changes. The command prints matching SSH configuration lines with numbers.

Recovery / rollback: no state is changed.

When to use it

Use during SSH hardening checks or after unexpected login behavior.

When not to use it

Do not reload SSH from this output alone; validate full config syntax in real systems.

Watch this command run

Command transcript

This sanitized transcript shows the commands and output shape without exposing host details.

demo@lab:~$

$ sed -n '1,12p' etc/ssh/sshd_config

Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers alex deploy

$ grep -nE '^(PasswordAuthentication|PermitRootLogin|PubkeyAuthentication|AllowUsers)' etc/ssh/sshd_config

2:PermitRootLogin no
3:PasswordAuthentication no
4:PubkeyAuthentication yes
5:AllowUsers alex deploy
View commands shown

These are the commands shown in the sanitized transcript.

Commands shown

  1. sed -n '1,12p' etc/ssh/sshd_config
  2. grep -nE '^(PasswordAuthentication|PermitRootLogin|PubkeyAuthentication|AllowUsers)' etc/ssh/sshd_config

next steps

Related commands

Cybersecurity Triage Sensitive output

Show SSH Auth Policy Order

The order of Include, Match, and authentication directives changes how SSH policy reads.

grep -nE '^(Include|Match |PubkeyAuthentication|PasswordAuthentication|AuthenticationMethods|[[:space:]]+(PasswordAuthentication|AuthenticationMethods))' etc/ssh/sshd_config
Cybersecurity Triage Sensitive output

List SSH Allow and Deny Rules

SSH access can be shaped by users, groups, and Match blocks.

grep -RhnE '^(AllowUsers|AllowGroups|DenyUsers|DenyGroups|Match )' etc/ssh
Cybersecurity Triage Sensitive output

Find SSH Password Auth Exceptions

A global password-auth setting can be changed later by a Match block.

awk '/^Match /{ctx=$0} /^PasswordAuthentication|^AuthenticationMethods|^[[:space:]]+PasswordAuthentication|^[[:space:]]+AuthenticationMethods/ {print (ctx ? ctx : "global") ": " $0}' etc/ssh/sshd_config
Cybersecurity Triage Sensitive output

Extract SSH AllowUsers Accounts

AllowUsers turns SSH access into an explicit account list.

awk '/^AllowUsers/ {for (i = 2; i <= NF; i++) print $i}' etc/ssh/sshd_config
Cybersecurity Triage Can be slow

Review a Breakglass Account

Emergency accounts should be easy to find and hard to ignore.

grep -Rhn 'breakglass' fixtures/user-access-audit/etc fixtures/user-access-audit/home fixtures/user-access-audit/logs
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:103-gnu-unix-commands
  • lpic1:104-filesystems-permissions-fhs
  • lpic1:107-admin-tasks
  • lpic1:110-security
  • lfcs:essential-commands
  • lfcs:security-hygiene
  • lfcs:users-groups
  • linuxplus:automation-scripting
  • linuxplus:provisional
  • linuxplus:security
  • risk:read-only
  • risk:security-sensitive

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.