If ListenAddress isn't specified then sshd will listen on all available IPs. If your server only has one static IP address at a time it's unnecessary to specify it (you should be able to just comment the line out and leave it to this default behavior). Otherwise, you should specify it only if your goal is to restrict it to only one of the server's IP addresses (this would mainly be for security purposes). You can also explicitly set
Code:
# All IPV4 Addresses
ListenAddress 0.0.0.0
# All IPV6 Addresses
ListenAddress ::
if you just want to clarify the default behavior for your own reference. Whatever the case, you can verify your configuration by checking
Code:
sudo netstat -tulpn | grep ssh
tcp 0 0 0.0.0.0:16 0.0.0.0:* LISTEN 445/sshd
tcp6 0 0 :::16 :::* LISTEN 445/sshd
which for me shows that sshd listens on every IP I have (which happens to be just one). As a final note, I have a few tips to safely update sshd configuration you may find useful:
- Before changing your sshd_config make sure to keep a read-only backup of the current working version:
Code:
cp sshd_config sshd_config.original
chmod 400 sshd_config.original
- this will test your sshd_config and report any errors it finds without actually launching the daemon
- If you reload your sshd for a configuration update, stay logged in with that ssh session and try to open a fresh one to the same server before you exit the original session used to update the configuration
- You can also write a script to reload the configuration and after a set amount of time, say 60 seconds, copy the working backup configuration and reload again in case you got locked out (this is especially useful for iptables updates). You can either run the script with
Code:
nohup /path/to/script.sh &
or run it in screen/tmux.
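
The timed rollback from the last tip could look like the sketch below. It is an added example, not part of the original post. The confirmation file `/run/sshd-rollback.confirm`, the `--run` switch and the `systemctl reload sshd` unit name are assumptions; the config and backup paths assume the backup from the first tip sits in `/etc/ssh`.

```shell
#!/bin/sh
# Added example (not from the original post): reload sshd, then restore the
# backup unless the change is confirmed from a fresh session in time.
CONFIG="${CONFIG:-/etc/ssh/sshd_config}"
BACKUP="${BACKUP:-/etc/ssh/sshd_config.original}"
# Hypothetical confirmation file; /run is writable by root only, so another
# local user cannot cancel the rollback.
CONFIRM_FILE="${CONFIRM_FILE:-/run/sshd-rollback.confirm}"
TIMEOUT="${TIMEOUT:-60}"                           # seconds to wait
RELOAD_CMD="${RELOAD_CMD:-systemctl reload sshd}"  # assumption: unit may be "ssh"
TEST_CMD="${TEST_CMD:-sshd -t -f}"                 # syntax check, no daemon start

# Returns 0 = change kept, 1 = rolled back, 2 = no backup,
#         3 = config failed the syntax check, 4 = reload failed,
#         5 = rollback itself failed.
apply_with_rollback() {
    [ -r "$BACKUP" ] || { echo "no readable backup: $BACKUP" >&2; return 2; }
    $TEST_CMD "$CONFIG" || { echo "config test failed, not reloading" >&2; return 3; }
    rm -f "$CONFIRM_FILE"
    $RELOAD_CMD || return 4
    waited=0
    while [ "$waited" -lt "$TIMEOUT" ]; do
        if [ -e "$CONFIRM_FILE" ]; then
            rm -f "$CONFIRM_FILE"
            echo "confirmed, keeping new configuration"
            return 0
        fi
        sleep 1
        waited=$((waited + 1))
    done
    # Nobody confirmed: assume the new config locked us out.
    cp "$BACKUP" "$CONFIG" && $RELOAD_CMD || { echo "rollback failed" >&2; return 5; }
    echo "no confirmation after ${TIMEOUT}s, restored $BACKUP" >&2
    return 1
}

# Only act when asked to, so the file can be sourced without side effects.
if [ "${1:-}" = "--run" ]; then
    apply_with_rollback
fi
```

Start it as root with `--run` under nohup or screen/tmux, then open a fresh SSH session and `touch /run/sshd-rollback.confirm` there; if that new login fails, the backup is restored when the timeout expires.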