Cybersecurity Triage

Read-only, sensitive output

Show SSH Auth Policy Order

You need to see SSH authentication directives in file order, including Include and Match lines.

Command

grep -nE '^(Include|Match |PubkeyAuthentication|PasswordAuthentication|AuthenticationMethods|[[:space:]]+(PasswordAuthentication|AuthenticationMethods))' etc/ssh/sshd_config

Before you run this

System impact: Read-only. Output may expose users, paths, tokens, keys, IPs, process arguments, or log details.

When not to use it: Do not treat grep output as a full effective config on production systems; use sshd's config test tooling where available.

Expected output

Line-numbered Include, Match, and authentication directives from sshd_config.

System impact

Read-only, sensitive output. Nothing changes. The command prints line-numbered policy directives in the order sshd_config presents them.

Recovery / rollback: no state is changed.

When to use it

Use when SSH policy looks contradictory and you need to see whether later Match rules override global assumptions.

Command transcript

This sanitized transcript shows the commands and output shape without exposing host details.

demo@lab:~$

$ nl -ba etc/ssh/sshd_config

     1	Port 22
     2	PubkeyAuthentication yes
     3	PasswordAuthentication no
     4	KbdInteractiveAuthentication no
     5	AuthenticationMethods publickey
     6	AllowUsers alice deploy
     7	Include etc/ssh/sshd_config.d/*.conf
     8	Match Address 198.51.100.0/24
     9	    PasswordAuthentication yes
    10	    AuthenticationMethods publickey,password

$ grep -nE '^(Include|Match |PubkeyAuthentication|PasswordAuthentication|AuthenticationMethods|[[:space:]]+(PasswordAuthentication|AuthenticationMethods))' etc/ssh/sshd_config

2:PubkeyAuthentication yes
3:PasswordAuthentication no
5:AuthenticationMethods publickey
7:Include etc/ssh/sshd_config.d/*.conf
8:Match Address 198.51.100.0/24
9:    PasswordAuthentication yes
10:    AuthenticationMethods publickey,password
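
The grep above reports the Include on line 7 but never opens the files it points to, and it skips keywords written in a different case. The following is an added example, not part of the original page: a POSIX shell function that walks Include globs in place and tags each authentication directive with its Match context. The function names and the `50-dropin.conf` file are constructed for illustration, and Include paths are resolved relative to the current directory, as in the lab layout.

```shell
# Added example, not the page's own tooling. Assumption: Include paths are
# relative to the current directory, as in the transcript's lab layout.
# ssh_auth_order FILE [CONTEXT]: print "file:line: [context] directive" for
# authentication keywords, descending into Include globs where they appear.
ssh_auth_order() {
    file=$1 ctx=${2:-global} n=0
    [ -r "$file" ] || return 0
    # read trims leading whitespace, so indented Match-block lines parse too.
    while read -r kw rest || [ -n "$kw" ]; do
        n=$((n + 1))
        # sshd keywords are case-insensitive; normalise before matching.
        case $(printf '%s' "$kw" | tr '[:upper:]' '[:lower:]') in
            match) ctx="Match $rest" ;;
            include)
                printf '%s:%s: [%s] %s %s\n' "$file" "$n" "$ctx" "$kw" "$rest"
                for inc in $rest; do      # unquoted on purpose: expands the glob
                    # Subshell keeps file/ctx/n of the including file intact.
                    if [ -f "$inc" ]; then ( ssh_auth_order "$inc" "$ctx" ); fi
                done ;;
            pubkeyauthentication|passwordauthentication|kbdinteractiveauthentication|authenticationmethods)
                printf '%s:%s: [%s] %s %s\n' "$file" "$n" "$ctx" "$kw" "$rest" ;;
        esac
    done < "$file"
}

# Constructed fixture: the transcript's sshd_config plus one hypothetical drop-in.
make_fixture() {
    mkdir -p "$1/etc/ssh/sshd_config.d"
    cat > "$1/etc/ssh/sshd_config" <<'EOF'
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthenticationMethods publickey
AllowUsers alice deploy
Include etc/ssh/sshd_config.d/*.conf
Match Address 198.51.100.0/24
    PasswordAuthentication yes
    AuthenticationMethods publickey,password
EOF
    printf 'passwordauthentication yes\n' > "$1/etc/ssh/sshd_config.d/50-dropin.conf"
}

demo() {
    tmp=$(mktemp -d) && make_fixture "$tmp" && ( cd "$tmp" && ssh_auth_order etc/ssh/sshd_config )
    rm -rf "$tmp"
}
demo
```

sshd uses the first value it obtains for each keyword, so where the Include line sits relative to the global directives matters when reading this output.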

Next steps

Related commands

Cybersecurity Triage Sensitive output

Find SSH Password Auth Exceptions

A global password-auth setting can be changed later by a Match block.

awk '/^Match /{ctx=$0} /^PasswordAuthentication|^AuthenticationMethods|^[[:space:]]+PasswordAuthentication|^[[:space:]]+AuthenticationMethods/ {print (ctx ? ctx : "global") ": " $0}' etc/ssh/sshd_config

Check Key SSH Authentication Settings

SSH policy should be visible before you change it.

grep -nE '^(PasswordAuthentication|PermitRootLogin|PubkeyAuthentication|AllowUsers)' etc/ssh/sshd_config

List SSH Allow and Deny Rules

SSH access can be shaped by users, groups, and Match blocks.

grep -RhnE '^(AllowUsers|AllowGroups|DenyUsers|DenyGroups|Match )' etc/ssh

Count authorized_keys by User

authorized_keys is the practical SSH access list.

find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -exec sh -c 'for f do user=$(basename "$(dirname "$(dirname "$f")")"); keys=$(grep -vc "^[[:space:]]*#" "$f"); printf "%s %s %s\n" "$user" "$keys" "$f"; done' sh {} + | sort

Extract SSH AllowUsers Accounts

AllowUsers turns SSH access into an explicit account list.

awk '/^AllowUsers/ {for (i = 2; i <= NF; i++) print $i}' etc/ssh/sshd_config

Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:103-gnu-unix-commands
  • lpic1:104-filesystems-permissions-fhs
  • lpic1:107-admin-tasks
  • lpic1:110-security
  • lfcs:essential-commands
  • lfcs:security-hygiene
  • lfcs:users-groups
  • linuxplus:automation-scripting
  • linuxplus:provisional
  • linuxplus:security
  • risk:read-only
  • risk:security-sensitive

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.