Validate SSH Configuration Syntax on Ubuntu

Making changes to your SSH daemon configuration can accidentally lock you out of your server if there are syntax errors. This article explains how to safely validate the syntax of the SSH configuration file (sshd_config) on Ubuntu Linux before restarting the SSH service, ensuring your remote connection remains active and uninterrupted.

To check the syntax of your SSH configuration file, use the SSH daemon (sshd) command with the -t flag.

The Validation Command

Run the following command in your terminal:

sudo sshd -t

• sshd: The SSH daemon binary.
• -t: Enables test mode, which checks the validity of the configuration file and the sanity of the keys without starting the actual daemon.

If your configuration file is error-free, the command will exit silently and output nothing.

Specifying a Custom File Path

If you want to validate a specific configuration file (for example, if you are testing changes in a backup file), you can specify the path using the -f option:

sudo sshd -t -f /etc/ssh/sshd_config

Checking for Errors

If there is a syntax error, the command will display the exact line number and the nature of the error. For example:

/etc/ssh/sshd_config: line 42: Bad configuration option: UnkownDirective

If you see an error, open the configuration file, navigate to the indicated line, correct the mistake, and run the test command again.

Restarting the SSH Service

Once the validation command returns no errors, you can safely restart or reload the SSH service to apply your changes. Run the following command:

sudo systemctl restart ssh

Alternatively, you can reload the service without dropping current connections:

sudo systemctl reload ssh