{"id":75013,"date":"2023-06-05T13:09:42","date_gmt":"2023-06-05T17:09:42","guid":{"rendered":"https:\/\/jumpcloud.com\/?post_type=support&p=75013"},"modified":"2024-11-15T12:11:59","modified_gmt":"2024-11-15T17:11:59","slug":"configure-ssh-settings","status":"publish","type":"support","link":"https:\/\/jumpcloud.com\/support\/configure-ssh-settings","title":{"rendered":"Configure SSH Settings"},"content":{"rendered":"\n

For Linux systems, JumpCloud writes to \/etc\/ssh\/sshd_config<\/code> in order to manage the sshd configuration. If exceptions are needed, it’s recommended to use the conditional Match block<\/a>. Anything within a Match block will be ignored by the JumpCloud agent. See Using the Match Block in sshd_config<\/a> below.<\/p>\n\n\n\n

When a Linux device is registered, JumpCloud will persist the original sshd_config<\/code> settings via sshd extended test mode, which will detect all settings for the root user. Once JumpCloud manages the device, the settings in the Admin Portal will be periodically enforced.<\/p>\n\n\n\n

<\/p><\/div>

Note:<\/strong> \n

Note on the Allow SSH Root Login<\/strong> setting: sshd_config PermitRootLogin<\/code> typically has four permissible values: yes, prohibit-password, forced-commands-only, or no. JumpCloud will only support yes or no values, and it is our policy to convert any non-yes value to no. If you want to enforce one of the other permissible values, it’s recommended to use the conditional Match block<\/a> to override the enforced value.  See the man page<\/a> for your particular distribution to confirm permissible values and the default setting.<\/p>\n <\/div><\/div><\/div><\/div>\n\n\n\n

The following is a list of the possible settings, the corresponding changes made to sshd_config<\/code>, and the expected behavior. <\/p>\n\n\n\n