In /etc/ssh/sshd_config you will see several settings (and some you will not see) for setting up OpenSSH as a service. Information on all possible choices within /etc/ssh/sshd_config can be found with man sshd_config.

Lines beginning with # are commented out and not read by the daemon, but the commented-out options in the default configuration file are the active defaults.

Option | Function |
---|---|
yes | Enable root login |
no | Root is not allowed to log in via ssh, at all. |
without-password | Require a public-key (pubkey) to connect |
forced-commands-only | Connect as root and execute commands as configured in ~/.ssh/authorized_keys |

The forced-commands-only option provides the ability to lock down what can be done with a utility key or keys without passwords. As an example, for running backups...

With forced-commands-only, the commands are added to ~/.ssh/authorized_keys on the line with the key being used to connect:

command="/usr/bin/ls -l" ssh-rsa AAA...wnp 'key-comment'

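An added example, not part of the original page: a small audit of root's authorized_keys that lists each key's forced command and flags keys with no command= option, which sshd refuses for root when PermitRootLogin is forced-commands-only. The function names, the key-type prefix heuristic and the sample entries are assumptions constructed for illustration.

```python
import re

# Assumption: a key field starts with one of these type prefixes; anything else is options.
KEY_TYPE = re.compile(r"^(ssh-|ecdsa-sha2-|sk-)")

def split_outside_quotes(text, seps):
    """Split text on characters in seps that are not inside double quotes."""
    parts, buf, quoted, escaped = [], "", False, False
    for ch in text:
        if escaped:                      # character after a backslash is literal
            buf, escaped = buf + ch, False
        elif ch == "\\" and quoted:
            buf, escaped = buf + ch, True
        elif ch == '"':
            buf, quoted = buf + ch, not quoted
        elif ch in seps and not quoted:
            parts, buf = parts + [buf], ""
        else:
            buf += ch
    parts.append(buf)
    return [p for p in parts if p]

def audit(authorized_keys_text):
    """Return (line number, key comment, forced command or None) for each key."""
    report = []
    for lineno, line in enumerate(authorized_keys_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = split_outside_quotes(line.strip(), " \t")
        options = []
        if not KEY_TYPE.match(fields[0]):        # first field is the options list
            options = split_outside_quotes(fields[0], ",")
            fields = fields[1:]
        forced = None
        for opt in options:
            name, _, value = opt.partition("=")
            if name.lower() == "command":        # option names are case-insensitive
                forced = (value[1:-1] if value[:1] == '"' else value).replace('\\"', '"')
        report.append((lineno, " ".join(fields[2:]), forced))
    return report

def keys_without_forced_command(authorized_keys_text):
    """Keys with no command= option; forced-commands-only refuses these for root."""
    return [(n, c) for n, c, forced in audit(authorized_keys_text) if forced is None]

# Constructed sample; the key material is a placeholder, not a real key.
SAMPLE = '''command="/usr/bin/ls -l" ssh-rsa AAAAB3PLACEHOLDER backup-key
command="/usr/local/bin/dump --label \\"a, b\\"",no-pty ssh-ed25519 AAAAC3PLACEHOLDER dump-key
ssh-ed25519 AAAAC3PLACEHOLDER admin@laptop'''
```

Run `keys_without_forced_command()` over the contents of root's ~/.ssh/authorized_keys before switching to forced-commands-only, so that no key still in use is locked out unexpectedly.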
Option | Usage |
---|---|
Banner /path/to/filename | Displays file contents on ssh login to all users |
Ciphers aes128-ctr,blowfish-cbc | Comma-separated list of encryption ciphers that OpenSSH will accept. See man sshd_config for the full list. |
AllowUsers or DenyUsers | Specify allowed or denied users by username |
AllowGroups or DenyGroups | Allow or deny users by their group associations |
systemctl restart sshd.service