Cybersecurity Triage

Risk: safe

Show SSH Auth Policy Order

You need to see SSH authentication directives in file order, including Include and Match lines.

Command

grep -nE '^(Include|Match |PubkeyAuthentication|PasswordAuthentication|AuthenticationMethods|[[:space:]]+(PasswordAuthentication|AuthenticationMethods))' etc/ssh/sshd_config

Before you run this

Risk: safe. Do not treat grep output as a full effective config on production systems; use sshd's config test tooling where available.

Expected output

Line-numbered Include, Match, and authentication directives from sshd_config.

System impact

Nothing changes. The command prints line-numbered policy directives in the order sshd_config presents them.

Recovery / rollback: no state is changed.

When to use it

Use when SSH policy looks contradictory and you need to see whether later Match rules override global assumptions.

When not to use it

Do not treat grep output as a full effective config on production systems; use sshd's config test tooling where available.

Example output from a temporary Linux lab

This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.

$ nl -ba etc/ssh/sshd_config

     1	Port 22
     2	PubkeyAuthentication yes
     3	PasswordAuthentication no
     4	KbdInteractiveAuthentication no
     5	AuthenticationMethods publickey
     6	AllowUsers alice deploy
     7	Include etc/ssh/sshd_config.d/*.conf
     8	Match Address 198.51.100.0/24
     9	    PasswordAuthentication yes
    10	    AuthenticationMethods publickey,password

$ grep -nE '^(Include|Match |PubkeyAuthentication|PasswordAuthentication|AuthenticationMethods|[[:space:]]+(PasswordAuthentication|AuthenticationMethods))' etc/ssh/sshd_config

2:PubkeyAuthentication yes
3:PasswordAuthentication no
5:AuthenticationMethods publickey
7:Include etc/ssh/sshd_config.d/*.conf
8:Match Address 198.51.100.0/24
9:    PasswordAuthentication yes
10:    AuthenticationMethods publickey,password
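
In the output above, lines 9 and 10 change, for one address range, what lines 3 and 5 set globally. The following shell function is an added example, not part of the original lesson: it reports each Match-block directive whose value differs from the global one. The names `match_auth_overrides` and `sample_config` and the sample file are constructed here; line 12 of the sample uses a lowercase keyword because sshd treats keywords case-insensitively while the grep above does not.

```shell
#!/bin/sh
# Added example; function names and the sample file are constructed here.
# Reads one file and does not follow Include, so treat it as a triage aid.

match_auth_overrides() {
    awk '
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        key = tolower($1)                    # keywords are case-insensitive
        val = $0                             # value = line minus the keyword
        sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)
        sub(/[ \t]+$/, "", val)
    }
    key == "match"   { ctx = "Match " val; next }
    key == "include" {
        printf "%d: [%s] Include %s (not followed)\n", NR, (ctx ? ctx : "global"), val
        next
    }
    key !~ /^(pubkeyauthentication|passwordauthentication|authenticationmethods)$/ { next }
    ctx == "" {                              # global section: first value wins
        if (!(key in glob)) glob[key] = val
        next
    }
    {                                        # inside a Match block
        base = (key in glob) ? glob[key] : "(default)"
        if (val != base)
            printf "%d: [%s] %s: %s -> %s\n", NR, ctx, $1, base, val
    }' "$1"
}

sample_config() {   # constructed sample, modelled on the lab file above
    cat <<'EOF'
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
KbdInteractiveAuthentication no
AuthenticationMethods publickey
AllowUsers alice deploy
Include etc/ssh/sshd_config.d/*.conf
Match Address 198.51.100.0/24
    PasswordAuthentication yes
    AuthenticationMethods publickey,password
Match User deploy
    passwordauthentication yes
EOF
}

tmp=$(mktemp) && sample_config > "$tmp" && match_auth_overrides "$tmp"
rm -f "$tmp"
```

Each reported line gives the line number, the Match context, and the global value next to the overriding one; the Include line is listed because files it pulls in are not read by this function.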

This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.

Lab setup steps

  1. nl -ba etc/ssh/sshd_config
  2. grep -nE '^(Include|Match |PubkeyAuthentication|PasswordAuthentication|AuthenticationMethods|[[:space:]]+(PasswordAuthentication|AuthenticationMethods))' etc/ssh/sshd_config

Related commands

Cybersecurity Triage Risk: safe

Find SSH Password Auth Exceptions

A global password-auth setting can be changed later by a Match block.

awk '/^Match /{ctx=$0} /^PasswordAuthentication|^AuthenticationMethods|^[[:space:]]+PasswordAuthentication|^[[:space:]]+AuthenticationMethods/ {print (ctx ? ctx : "global") ": " $0}' etc/ssh/sshd_config

Cybersecurity Triage Risk: safe

Check Key SSH Authentication Settings

SSH policy should be visible before you change it.

grep -nE '^(PasswordAuthentication|PermitRootLogin|PubkeyAuthentication|AllowUsers)' etc/ssh/sshd_config

Cybersecurity Triage Risk: safe

List SSH Allow and Deny Rules

SSH access can be shaped by users, groups, and Match blocks.

grep -RhnE '^(AllowUsers|AllowGroups|DenyUsers|DenyGroups|Match )' etc/ssh

Cybersecurity Triage Risk: safe

Count authorized_keys by User

authorized_keys is the practical SSH access list.

find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -exec sh -c 'for f do user=$(basename "$(dirname "$(dirname "$f")")"); keys=$(grep -Evc "^[[:space:]]*(#|$)" "$f"); printf "%s %s %s\n" "$user" "$keys" "$f"; done' sh {} + | sort

Cybersecurity Triage Risk: safe

Extract SSH AllowUsers Accounts

AllowUsers turns SSH access into an explicit account list.

awk '/^AllowUsers/ {for (i = 2; i <= NF; i++) print $i}' etc/ssh/sshd_config

Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:103-gnu-unix-commands
  • lpic1:104-filesystems-permissions-fhs
  • lpic1:107-admin-tasks
  • lpic1:110-security
  • lfcs:essential-commands
  • lfcs:security-hygiene
  • lfcs:users-groups
  • linuxplus:automation-scripting
  • linuxplus:provisional
  • linuxplus:security
  • risk:read-only
  • risk:security-sensitive

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.