sshd
Enable secure remote access to the server
TLDR
Start daemon in the background
Run sshd in the foreground
Run with verbose output (for debugging)
Run on a specific port
SYNOPSIS
sshd [options]
PARAMETERS
-f config_file
Specifies an alternative configuration file path instead of the default /etc/ssh/sshd_config.
-p port
Specifies the port number for sshd to listen on, overriding the default port 22.
-d
Enables debug mode. The server will not detach from the console and will only accept one connection for debugging purposes.
-e
Logs debug output to standard error instead of the system logging facility (syslog).
-h host_key_file
Specifies a host key file to use. This option can be specified multiple times for different key types.
-t
Test mode. sshd will check the validity of the configuration file and host keys, then exit without starting the daemon.
-q
Quiet mode. Disables most log messages, useful when sshd is run from a startup script.
-4
Forces sshd to use IPv4 addresses only for listening.
-6
Forces sshd to use IPv6 addresses only for listening.
DESCRIPTION
The sshd command is the OpenSSH server daemon, a critical component for secure remote access to Linux and Unix-like systems. It listens for incoming SSH client connections, typically on port 22. Upon connection, sshd performs cryptographic key exchange, authenticates the user (via passwords, public keys, or other methods), and establishes an encrypted session. This enables secure remote login, command execution, file transfers (SCP/SFTP), and port forwarding over potentially insecure networks. Its behavior is extensively configured through the sshd_config file, allowing administrators to enforce security policies, manage access, and customize server operation.
CAVEATS
Security Configuration is Crucial: Improper configuration of sshd (e.g., allowing password authentication, root login, or weak ciphers) can lead to significant security vulnerabilities. Always follow best practices like public key authentication and disabling unnecessary features.
Firewall Rules: Ensure your firewall permits incoming connections on the configured SSH port (default 22) for sshd to be accessible.
CONFIGURATION FILE
The primary way to configure sshd is through its configuration file, typically located at /etc/ssh/sshd_config. This plain-text file contains directives that control the server's behavior, including authentication methods, listening port, logging level, authorized users, and permitted ciphers. After modifying sshd_config, the sshd service must usually be restarted or reloaded for changes to take effect. The -t option described under PARAMETERS checks the file for validity without starting the daemon, which makes it a useful check before a restart.
SECURITY BEST PRACTICES
For enhanced security, it's highly recommended to:
1. Use public key authentication instead of passwords.
2. Disable direct root login.
3. Limit user access using AllowUsers or AllowGroups directives.
4. Change the default SSH port (though this is more obfuscation than true security).
5. Keep sshd and the operating system up to date to patch known vulnerabilities.
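The following script is an added example, not part of OpenSSH or of the original page: it audits the global section of an sshd_config file against items 1 to 3 above. The function names and sample files are hypothetical, the defaults are assumed to be the upstream OpenSSH ones, and Include files and Match blocks are not evaluated.

```sh
#!/bin/sh
# effective_value FILE KEYWORD DEFAULT: keywords are case-insensitive and
# sshd keeps the first value it reads, so later duplicates are ignored.
effective_value() {
    awk -v want="$2" -v def="$3" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
        {
            sub(/^[ \t]+/, "")
            if (!match($0, /^[A-Za-z0-9]+/)) next
            kw  = tolower(substr($0, 1, RLENGTH))
            val = substr($0, RLENGTH + 1)
            if (kw == "match") exit                # global section ends here
            sub(/^[ \t]*=?[ \t]*/, "", val)        # "Key value" or "Key=value"
            sub(/[ \t]+$/, "", val)
            if (kw == want) { print val; found = 1; exit }
        }
        END { if (!found) print def }
    ' "$1"
}
# audit_sshd_config FILE: prints findings and returns their count.
# Defaults are upstream OpenSSH defaults (assumption: unchanged by the distro).
audit_sshd_config() {
    findings=0
    pw=$(effective_value "$1" PasswordAuthentication yes | tr 'A-Z' 'a-z')
    root=$(effective_value "$1" PermitRootLogin prohibit-password | tr 'A-Z' 'a-z')
    allow=$(effective_value "$1" AllowUsers "")$(effective_value "$1" AllowGroups "")
    [ "$pw" = no ]   || { echo "FAIL PasswordAuthentication is '$pw'"; findings=$((findings + 1)); }
    [ "$root" = no ] || { echo "FAIL PermitRootLogin is '$root'"; findings=$((findings + 1)); }
    [ -n "$allow" ]  || { echo "FAIL no AllowUsers or AllowGroups restriction"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample configs (not from a real host). In "weak" the second
# PasswordAuthentication line has no effect because the first value wins.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/weak" <<'EOF'
passwordauthentication yes
PasswordAuthentication no
PermitRootLogin=prohibit-password
EOF
cat > "$SAMPLE_DIR/hardened" <<'EOF'
PasswordAuthentication no
PermitRootLogin no
AllowGroups ssh-users
EOF
for f in weak hardened; do
    echo "== $f"
    audit_sshd_config "$SAMPLE_DIR/$f" && echo "OK" || echo "findings: $?"
done
```

On a real host, run sshd -t against the file first so that syntax errors are caught before the values are audited.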
HISTORY
sshd is the server component of OpenSSH, a free and open-source implementation of the Secure Shell (SSH) protocol. OpenSSH was initially released in 1999 by the OpenBSD project as an alternative to the proprietary SSH software, which had become subject to restrictive licensing. Its development aimed to provide a secure, freely usable SSH suite. sshd quickly became the standard for secure remote access on Unix-like operating systems due to its robust security features, flexibility, and transparent development.
SEE ALSO
ssh(1), scp(1), sftp(1), ssh-keygen(1), sshd_config(5)