I've recently needed to update my sshd_config file as the hmac-ripemd160 MAC is no longer supported as of sshd version 7.6.
I edited the file then ran:
sshd -t
to test the config.
When that returned null output and exit code 0, I reloaded the config via:
kill -HUP $(pgrep -f /usr/bin/sshd)
(The man page says sshd rereads its configuration file when it receives a hangup signal, SIGHUP)
What are the best practices when changing a server's sshd configuration over an ssh connection?
Make sure you can log in after making changes before dropping privilege and logging out is my best practice.
As @Oldskool says, ensure you have another way of accessing the machine (console, NX, teamviewer).
Instead of editing the default config file, make a copy and then run:
to test the new configuration.
Try the configuration on an unused port (thanks to @gf_ for this tip):
Note that -p overrides Port configuration, but ListenAddress config will override -p.
When you can log in, copy the new config over the old (after making a backup).
Then have the server reload config:
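
A preflight for the unused-port test described in the answer above, as an added example that is not part of the original posts: `sshd -t` accepts a candidate whose ListenAddress carries its own port, yet that port overrides `-p`, so the test daemon would not listen where you expect. The function names and the `SSHD` variable are assumptions; the default binary path is the one from the question.

```shell
#!/bin/sh
# Added example: stage a candidate sshd_config on a test port before
# replacing the live file. Names below are hypothetical.

SSHD=${SSHD:-/usr/bin/sshd}   # path taken from the question; adjust per host

# Print every ListenAddress value that carries an explicit port.
# Keywords are case-insensitive; commented-out lines are skipped because
# their first field is "#" or starts with "#".
pinned_listen_ports() {
    awk '
        tolower($1) == "listenaddress" {
            addr = $2
            if (addr ~ /^\[.*\]:[0-9]+$/)        # [host or IPv6]:port
                print addr
            else if (addr ~ /^[^:]+:[0-9]+$/)    # host:port or IPv4:port
                print addr
            # bare IPv6 such as "::" has several colons and no port
        }' "$1"
}

# stage_test CANDIDATE TEST_PORT
# Returns 1 if the syntax check fails, 2 if -p would be overridden,
# otherwise starts a second daemon on TEST_PORT and returns its status.
stage_test() {
    candidate=$1
    port=$2

    "$SSHD" -t -f "$candidate" || {
        echo "syntax check failed for $candidate" >&2
        return 1
    }

    pinned=$(pinned_listen_ports "$candidate")
    if [ -n "$pinned" ]; then
        echo "ListenAddress sets a port, so -p $port would be overridden:" >&2
        echo "$pinned" >&2
        return 2
    fi

    # PidFile=none keeps the test instance from overwriting the pid file
    # of the daemon that is serving your current session.
    "$SSHD" -f "$candidate" -p "$port" -o PidFile=none
}
```

Keep the existing session open, log in to the test port from a second terminal, and only then copy the candidate over the live file.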