Resolve 'Bad configuration options' error when SSH fails to start

Last Updated: Oct 24, 2025

Causes

Errors in the SSH configuration file can prevent the service from starting:

  • Syntax error: A configuration option is misspelled, or its value is outside the allowed range or a predefined list (for example, on/off, true/false, or a specific numeric range).

  • File encoding error: The file contains a Byte Order Mark (BOM) or uses CRLF line endings.

Solutions

Solution 1: Fix errors in the SSH configuration file

  1. Log on to an ECS instance using a VNC connection.

    1. Go to ECS console - Instance. In the top navigation bar, select the target region and resource group.

    2. Go to the details page of the target instance. Click Connect and select VNC. Enter the username and password to log on to the ECS instance.

  2. Diagnose the SSH service configuration.

    sudo /usr/sbin/sshd -t

    Analyze the error message returned by the command. The message specifies the file, line number, and error type:

    # Example 1: A deprecated configuration item is used
    /etc/ssh/sshd_config: line 82: Bad configuration option: RSAAuthentication
    
    # Example 2: Incorrect value for a configuration item
    /etc/ssh/sshd_config: line 23: bad value for Port "222222"

  3. Modify the configuration file.

    sudo vim /etc/ssh/sshd_config

    • Handle deprecated configuration options: OpenSSH updates sometimes deprecate older options. Comment out or delete the relevant lines.

      • RSAAuthentication: Deprecated in OpenSSH 7.0 and later.

      • UsePrivilegeSeparation: Deprecated in OpenSSH 7.5 and later, as it is now the default.

    • Correct syntax errors: Use the error message to find and correct the invalid syntax or value on the specified line.

    • Check and fix file encoding: A configuration file copied from a Windows system might contain a Byte Order Mark (BOM) or use CRLF line endings, which cause parsing failures.

      • To check the line ending format: Enter :set fileformat?.
        If the output is fileformat=dos, the file contains CRLF line endings. To fix it, enter :set fileformat=unix.

      • To check for a BOM: Enter :set bomb?.
        If the output is bomb, the file contains a BOM. To fix it, enter :set nobomb.

    If you find none of these issues, or if the configuration file is severely corrupted, you can reinstall the SSH service.

  4. Validate the configuration.

    If the command returns no output, the configuration is correct.

    # Verify the configuration
    sudo /usr/sbin/sshd -t

  5. Restart the SSH service.

    sudo systemctl restart sshd

  6. Verify the service status.

    If the output includes active (running), the service started successfully.

    sudo systemctl status sshd
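
The checks from step 3 can also be run without opening vim. The script below is an added example, not part of the original page or of OpenSSH: it detects a BOM, CRLF line endings, and active uses of the two deprecated options named above, and can write a normalized copy. All function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example: non-interactive form of the vim checks (:set bomb?, :set fileformat?)
# plus a scan for the deprecated options listed on this page.

# True if the file starts with the UTF-8 BOM (bytes EF BB BF).
has_bom() {
    [ "$(od -An -tx1 -N3 "$1" | tr -d ' \n')" = "efbbbf" ]
}

# True if any line ends in CR, i.e. the file uses CRLF line endings.
has_crlf() {
    cr=$(printf '\r')
    grep -q "${cr}\$" "$1"
}

# Print "LINE:Keyword" for each uncommented deprecated option.
# sshd keywords are case-insensitive; keyword and value are split on blanks or "=".
deprecated_options() {
    LC_ALL=C awk '{
        line = $0
        sub(/^[^A-Za-z#]+/, "", line)          # skip leading blanks and BOM bytes
        if (line == "" || line ~ /^#/) next     # blank line or comment
        split(line, f, /[ \t=\r]+/)
        key = tolower(f[1])
        if (key == "rsaauthentication" || key == "useprivilegeseparation")
            print NR ":" f[1]
    }' "$1"
}

# Write a copy of $1 to $2 without the BOM and with LF line endings.
normalize_config() {
    LC_ALL=C awk 'NR == 1 { sub(/^\357\273\277/, "") }
                  { sub(/\r$/, ""); print }' "$1" > "$2"
}

# Report every finding; return 0 only if none of the problems is present.
check_sshd_config() {
    rc=0
    if has_bom "$1"; then echo "$1: UTF-8 BOM present"; rc=1; fi
    if has_crlf "$1"; then echo "$1: CRLF line endings"; rc=1; fi
    dep=$(deprecated_options "$1")
    if [ -n "$dep" ]; then echo "$1: deprecated options: $dep"; rc=1; fi
    return $rc
}
```

Source the script and run check_sshd_config /etc/ssh/sshd_config from the VNC session. The output of sudo /usr/sbin/sshd -t remains the authoritative validation, because this script only covers the causes listed on this page.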

Solution 2: Reinstall the SSH service

  1. Log on to an ECS instance using a VNC connection.

    1. Go to ECS console - Instance. In the top navigation bar, select the target region and resource group.

    2. Go to the details page of the target instance. Click Connect and select VNC. Enter the username and password to log on to the ECS instance.

  2. Back up the configuration file.

    Reinstalling the SSH service removes all custom configurations, such as modified ports or key-based authentication settings.

    sudo cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup-$(date +%Y%m%d-%H%M%S)

  3. Uninstall the SSH service.

    sudo rpm -e openssh-server

  4. Install the SSH service.

    After installation, migrate your custom configurations from the backup to the new configuration file.

    sudo yum install openssh-server

  5. Start the SSH service.

    sudo systemctl start sshd

  6. Verify the service status.

    If the output includes active (running), the service started successfully.

    sudo systemctl status sshd