$ Linux One Liners
Back to lessons

Cybersecurity Triage

Show SSH Auth Policy Order

You need to see SSH authentication directives in file order, including Include and Match lines.

Command

grep -nE '^(Include|Match |PubkeyAuthentication|PasswordAuthentication|AuthenticationMethods|[[:space:]]+(PasswordAuthentication|AuthenticationMethods))' etc/ssh/sshd_config

What changed

Nothing changes. The command prints line-numbered policy directives in the order sshd_config presents them.

Danger

safe

When to use it

Use when SSH policy looks contradictory and you need to see whether later Match rules override global assumptions.

When not to use it

Do not treat grep output as a full effective config on production systems; use sshd's config test tooling where available.

Undo or recovery

No undo needed because this command is read-only.

Expected output

Line-numbered Include, Match, and authentication directives from sshd_config.

demo script

Disposable terminal steps

  1. nl -ba etc/ssh/sshd_config
  2. grep -nE '^(Include|Match |PubkeyAuthentication|PasswordAuthentication|AuthenticationMethods|[[:space:]]+(PasswordAuthentication|AuthenticationMethods))' etc/ssh/sshd_config
Terminal transcript Demo JSON

simulated output

What it looks like

disposable vessel 
::fixture-ready::
$ nl -ba etc/ssh/sshd_config
     1	Port 22
     2	PubkeyAuthentication yes
     3	PasswordAuthentication no
     4	KbdInteractiveAuthentication no
     5	AuthenticationMethods publickey
     6	AllowUsers alice deploy
     7	Include etc/ssh/sshd_config.d/*.conf
     8	Match Address 198.51.100.0/24
     9	    PasswordAuthentication yes
    10	    AuthenticationMethods publickey,password
::exit-code::0
$ grep -nE '^(Include|Match |PubkeyAuthentication|PasswordAuthentication|AuthenticationMethods|[[:space:]]+(PasswordAuthentication|AuthenticationMethods))' etc/ssh/sshd_config
2:PubkeyAuthentication yes
3:PasswordAuthentication no
5:AuthenticationMethods publickey
7:Include etc/ssh/sshd_config.d/*.conf
8:Match Address 198.51.100.0/24
9:    PasswordAuthentication yes
10:    AuthenticationMethods publickey,password
::exit-code::0

YouTube Short

Read SSH policy in order.

Print Include, Match, and authentication directives in file order so later exceptions are visible.

LinkedIn hook

The order of Include, Match, and authentication directives changes how SSH policy reads.

Question: Do you read SSH authentication policy in file order when Match blocks are present?

experiments

A/B tests to run

Metric: watch_time

A: Policy order matters.

B: Match can override global settings.