Cybersecurity Triage
Read-only, sensitive outputFind SSH Password Auth Exceptions
You need to see whether sshd_config has password authentication exceptions under Match rules.
Command
awk '/^Match /{ctx=$0} /^PasswordAuthentication|^AuthenticationMethods|^[[:space:]]+PasswordAuthentication|^[[:space:]]+AuthenticationMethods/ {print (ctx ? ctx : "global") ": " $0}' etc/ssh/sshd_configBefore you run this
System impact: Read-only. Output may expose users, paths, tokens, keys, IPs, process arguments, or log details.
When not to use it: Do not reload SSH based only on this excerpt; validate the full effective sshd configuration on a real host.
Expected output
Authentication directives labeled as global or attached to the active Match block.
System impact
Read-only, sensitive output. Nothing changes. The command reads sshd_config and prints authentication directives with their current Match context.
Recovery / rollback: no state is changed.
When to use it
Use when a host appears key-only but some users or source ranges can still use password authentication.
When not to use it
Do not reload SSH based only on this excerpt; validate the full effective sshd configuration on a real host.
Watch this command run
Command transcript
This sanitized transcript shows the commands and output shape without exposing host details.
$ sed -n '1,12p' etc/ssh/sshd_config
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthenticationMethods publickey
AllowUsers alice deploy
Include etc/ssh/sshd_config.d/*.conf
Match Address 198.51.100.0/24
PasswordAuthentication yes
AuthenticationMethods publickey,password$ awk '/^Match /{ctx=$0} /^PasswordAuthentication|^AuthenticationMethods|^[[:space:]]+PasswordAuthentication|^[[:space:]]+AuthenticationMethods/ {print (ctx ? ctx : "global") ": " $0}' etc/ssh/sshd_config
global: PasswordAuthentication no
global: AuthenticationMethods publickey
Match Address 198.51.100.0/24: PasswordAuthentication yes
Match Address 198.51.100.0/24: AuthenticationMethods publickey,passwordView commands shown
These are the commands shown in the sanitized transcript.
Commands shown
sed -n '1,12p' etc/ssh/sshd_configawk '/^Match /{ctx=$0} /^PasswordAuthentication|^AuthenticationMethods|^[[:space:]]+PasswordAuthentication|^[[:space:]]+AuthenticationMethods/ {print (ctx ? ctx : "global") ": " $0}' etc/ssh/sshd_config
next steps
Related commands
Show SSH Auth Policy Order
The order of Include, Match, and authentication directives changes how SSH policy reads.
grep -nE '^(Include|Match |PubkeyAuthentication|PasswordAuthentication|AuthenticationMethods|[[:space:]]+(PasswordAuthentication|AuthenticationMethods))' etc/ssh/sshd_config
Extract SSH AllowUsers Accounts
AllowUsers turns SSH access into an explicit account list.
awk '/^AllowUsers/ {for (i = 2; i <= NF; i++) print $i}' etc/ssh/sshd_config
Check Key SSH Authentication Settings
SSH policy should be visible before you change it.
grep -nE '^(PasswordAuthentication|PermitRootLogin|PubkeyAuthentication|AllowUsers)' etc/ssh/sshd_config
List SSH Allow and Deny Rules
SSH access can be shaped by users, groups, and Match blocks.
grep -RhnE '^(AllowUsers|AllowGroups|DenyUsers|DenyGroups|Match )' etc/ssh
Find SSH Keys for nologin Users
A nologin shell does not automatically mean SSH keys are irrelevant.
comm -12 <(awk -F: '$7 !~ /(bash|sh|zsh)$/ {print $1}' fixtures/user-access-audit/etc/passwd | sort) <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort)
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.