Your browser does not allow storing cookies. We recommend enabling them.



SSHD-CHECK-CONF(5)             SSH2            SSHD-CHECK-CONF(5)

       sshd-check-conf - checks what your configuration allows or
       denies based on the incoming username and/or hostname

       sshd-check-conf  [-d debug_level]  [-v  ]  [-V  ]  [-h   ]
       [-f config_file] [[user@]host ...]

       sshd-check-conf checks how sshd2 will react to an incoming
       user, based on the username and the remote hostname  given
       as  parameters.   Currently,  the  parameters  AllowHosts,
       DenyHosts, AllowSHosts, DenySHosts, AllowUsers, DenyUsers,
       AllowGroups,    DenyGroups,   ChrootUsers,   ChrootGroups,
       AllowTcpForwardingForUsers,     DenyTcpForwardingForUsers,
       AllowTcpForwardingForGroups,   and   DenyTcpForwardingFor-
       Groups are checked.

       -d debug_level_spec
              Debug mode.  The debugging level is either a number
              or  a  comma-separated  list  of assignments of the
              format   ModulePattern=debug_level,   for   example

       -v     Enables  verbose  mode.  Displays verbose debugging
              messages.  Equivalent to -d 2.

       -V     Displays version string.

       -h     Displays a short help on command-line options.

       -f configuration_file
              Specifies the name of the configuration file.   The
              default  is    /opt/tectia/etc/sshd2_config      or
              $HOME/.ssh2/sshd2_config, depending on who is  run-
              ning the program, root or normal user.

       Any non-options gived on the command line will be regarded
       as  [user@]host  patterns  (that  is,  the  user  part  is
       optional).   If the host part is a valid IP address, it is
       looked up from DNS.  Otherwise it is interpreted as a host
       name  and  the  corresponding IP addresses will be queried
       from DNS.

       You can specify multiple patterns on the command line.

       If no patterns are specified on the  command  line,  sshd-
       check-conf   will  go  into  interactive  mode  where  the
       patterns can be given one at  a  time  and  they  will  be

       You  may  also  specify  one  command in interactive mode,
       "dump". This command dumps the configuration (with subcon-
       figurations amended) for the previous pattern.

       % sshd-check-conf -f /opt/tectia/etc/sshd2_config

       %      sshd-check-conf      -f      /opt/tectia/etc/sshd2_config

       % sshd-check-conf

       Tectia Corporation

       For more information, see

       sshd2(8), sshd2_config(5), sshd2_subconfig(5)




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now