Is /etc/ssh/sshd_config supporting inline comments and multiple key / value within the same line?

4

6

I have to write a small script to modify /etc/ssh/sshd_config if this file does not match my checklist.

For example, I have to check that the entries below match; if not, I need to replace them with the entries below:

Banner  /etc/motd  
GatewayPorts no   
KeyRegenerationInterval 3600  
LoginGraceTime 120  
LogLevel INFO    
PermitEmptyPasswords No    
PermitRootLogin No  
  1. Will /etc/ssh/sshd_config always have one entry per line like above, or can it use a delimiter (Banner /etc/motd, GatewayPorts no)?
  2. Can comments be anywhere in a line (like in C programming), or should they start at the beginning of the line with #?
Thud answered 4/8, 2017 at 12:51 Comment(0)
10

From the sshd_config(5) man page (emphasis mine):

The file contains keyword-argument pairs, one per line. Lines starting with ‘#’ and empty lines are interpreted as comments.

Avina answered 4/8, 2017 at 12:54 Comment(0)
3

Part of the answer was given, but it does not answer everything, so:

From sshd_config(5):

sshd(8) reads configuration data from /etc/ssh/sshd_config (or the file specified with -f on the command line). The file contains keyword-argument pairs, one per line. Lines starting with '#' and empty lines are interpreted as comments. Arguments may optionally be enclosed in double quotes (") in order to represent arguments containing spaces.

  1. Yes, it would always be like KeyWord: value and never KeyWord1: value1, KeyWord2: value2. (The file contains keyword-argument pairs, one per line)
  2. It seems yes, it supports inline comments even if no doc makes this explicit (so, you may avoid it). You can run sshd -T to validate your config and see it in action.
Grimes answered 6/8, 2017 at 10:37 Comment(0)
1

While only one keyword / value is supported per line, as of OpenSSH v8.5 [3/2021], both sshd_config and ssh_config have been updated to support trailing comments.

Example:

# This is a valid comment
keyword value # So is this

Though as of v9.1, the man pages are still out of date.

Ref: Bug 2320 - end-of-line comments work in sshd_config but not in ssh_config

Thill answered 11/12, 2022 at 8:11 Comment(0)
0

So, the 2023 answer is: It is supported, but only if your SSH agent is v8.5 or above.

Run ssh -V to check your version.

ssh -V
OpenSSH_9.0p1, LibreSSL 3.3.6
Leisha answered 22/8, 2023 at 9:24 Comment(0)
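
One way to implement the check the question asks for, using the parsing rules quoted in the answers above (one keyword per line, `#` comments including trailing ones, double-quoted arguments); this is an added example, not code from any answer or from OpenSSH. Assumptions: the tokenizer is a simplified model of sshd's parser, Match blocks and Include files are not evaluated, the first occurrence of a keyword is treated as the effective one, yes/no values are compared ignoring case so the question's `No` matches `no`, and `CHECKLIST`, `tokenize`, `audit` and `SAMPLE` are names made up here.

```python
import re
CHECKLIST = {  # required values, taken from the question
    "Banner": "/etc/motd", "GatewayPorts": "no", "LoginGraceTime": "120",
    "KeyRegenerationInterval": "3600", "LogLevel": "INFO",
    "PermitEmptyPasswords": "no", "PermitRootLogin": "no"}

def tokenize(line):
    """Words of one line: double quotes group spaces, a word starting
    with '#' begins a comment (simplified model, not sshd's own parser)."""
    words = []
    for tok in re.findall(r'"[^"]*"|\S+', line):
        if tok.startswith("#"):
            break
        words.append(tok.strip('"'))
    return words

def audit(text, checklist=CHECKLIST):
    """Return {keyword: (status, found)} for the global section only."""
    seen = {}
    for line in text.splitlines():
        words = tokenize(line)
        if not words:
            continue                    # blank line or full-line comment
        key = words[0].lower()          # keywords are case-insensitive
        if key == "match":
            break                       # Match blocks are not evaluated here
        seen.setdefault(key, " ".join(words[1:]))   # assumption: first value wins
    report = {}
    for name, want in checklist.items():
        got = seen.get(name.lower())
        if got is None:
            report[name] = ("missing", None)
        elif got == want or (want in ("yes", "no") and got.lower() == want):
            report[name] = ("ok", got)  # assumption: yes/no compared ignoring case
        else:
            report[name] = ("mismatch", got)
    return report

SAMPLE = """# Constructed sample, not a real host's configuration
Banner /etc/motd
gatewayports No   # trailing comment
LogLevel DEBUG
PermitRootLogin yes # this first value is the one the audit reports
PermitRootLogin no
#PermitEmptyPasswords no
"""

if __name__ == "__main__":
    print(*(f"{k:24} {s:9} {v}" for k, (s, v) in audit(SAMPLE).items()), sep="\n")
```

A keyword reported as "missing" is simply absent from the global section, so sshd's built-in default applies; `sshd -T`, mentioned in the answer above, prints the effective values and remains the authoritative check.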
