Ensure permissions on SSH configuration file are secure


The /etc/ssh/sshd_config file contains configuration specifications for SSHD.

the permissions are correct by default. This test ensures the default permissions are in place.

Why not change the configuration file permissions

The /etc/ssh/sshd_config file needs to be protected from unauthorized changes by non-privileged users. As the sshd_config file holds the ssh service settings, it must be owned and writable only by root to prevent malicious or unintended modifications to the configuration file, maintaining the integrity and security of the service.

How to reconfigure restrictive permissions

First check sshd_config file actual permissions:

ls -l /etc/ssh/sshd_config

The output should result in this:

-rw-r--r-- 1 root root

If the output isn’t the same, set permissions to more restrictive with:

sudo chmod 644 /etc/ssh/sshd_config
sudo chown root:root /etc/ssh/sshd_config

Finally you can check if worked with the same ls -l /etc/ssh/sshd_config command, and compare the results.