Purchase Linux CDs / DVDs / Flash Drives at OSDisc.com

Welcome to Our Community

While Linux.org has been around for a while, we recently changed management and had to purge most of the content (including users). If you signed up before April 23rd, 2017 please sign up again. Thanks!

  1. More ways to get the info! - we shoot all of our new original content out as well as random messages on Twitter and our newsletter!. Twitter | Newsletter
    Dismiss Notice

Linux server boot issue suspected due to incorrect sshd_config configuration

Discussion in 'General Server' started by Adesh Hambir, Apr 15, 2019.

  1. Adesh Hambir

    Adesh Hambir New Member

    Joined:
    Jan 30, 2019
    Messages:
    1
    Likes Received:
    0
    Recently one of our linux server in the cloud was not coming up after reboot. When we checked with vendor, he said it may be due to sshd_config file not configured properly. There was also file system corruption issue during that time. We are not sure if it was really a file system corruption issue or sshd_config file misconfiguration issue which made server unbootable.
    The sshd_config file was configured as below:
    AllowUsers user1 user2 user3 user4 user5
    AllowUsers user6 user7
    AllowUsers user8
    AllowUsers user9
    As per the vendor there can't be multiple entries for AllowUsers so the entries for user6 user7 user8 user9 are invalid.
    AllowUsers user6 user7
    AllowUsers user8
    AllowUsers user9
    I went though some blogs including Red-hat https://access.redhat.com/discussions/3872831 but it’s not clear from anywhere whether this is a correct configuration or not. Also, is there any way if sshd_config configuration can be validated?


    (Log in to hide this advertisement)

     
  2. TechnoJunky

    TechnoJunky Member

    Joined:
    Dec 3, 2018
    Messages:
    97
    Likes Received:
    96
    From what I've read it needs to be 1 line, spaces between. Another option is to create a group and then use allowgroups instead of allowusers. This might be easier to maintain as well.
     
  3. kenJackson

    kenJackson Member

    Joined:
    Mar 11, 2019
    Messages:
    54
    Likes Received:
    43
    From man sshd_config, "For each keyword, the first obtained value will be used."

    So the vendor is correct. Only the first line is valid.

    I don't know if there's a way to do a static test, but just now as a test, I added a junk entry in my /etc/ssh/sshd_config file and ran "systemctl restart sshd". It failed and reported an error which I can see with "journalctl": "Bad configuration option."

    But when I tried again with a repeated valid option, there was no error. Maybe you need to set the "LogLevel" keyword to "Verbose."
     

Share This Page