Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Preferences
Contact Us
Feedback
AWS Documentation
Create an AWS Account

SSH server default configuration changes

PDF
RSS
Focus mode
SSH server default configuration changes - Amazon Linux 2023

For the AL2023 AMI, we changed the types of sshd host keys that we generate with the release. We also dropped some legacy key types to avoid generating them at launch time. Clients must support the rsa-sha2-256 and rsa-sha2-512 protocols or ssh-ed25519 with use of an ed25519 key. By default, ssh-rsa signatures are disabled.

Additionally, AL2023 configuration settings in the default sshd_config file contain UseDNS=no. This new setting means that DNS impairments are less likely to block your ability to establish ssh sessions with your instances. The tradeoff is that the from=hostname.domain,hostname.domain line entries in your authorized_keys files won't be resolved. Because sshd no longer attempts to resolve the DNS names, each comma separated hostname.domain value must be translated to a corresponding IP address.

For more information, see Default SSH server configuration.

PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.