The order of files in /etc/ssh/sshd_config.d/ matters (and may surprise you)

Published on: 2025-05-09 19:25:48

Suppose, not entirely hypothetically, that you have an Ubuntu 24.04 server system where you want to disable SSH passwords for the Internet but allow them for your local LAN. This looks straightforward based on sshd_config, given the PasswordAuthentication and Match directives:

    PasswordAuthentication no
    Match Address 127.0.0.0/8,192.168.0.0/16
        PasswordAuthentication yes

Since I'm an innocent person, I put this in a file in /etc/ssh/sshd_config.d/ with a nice high ordering number, say '60-no-passwords.conf'. Then I restarted the SSH daemon and was rather confused when it didn't work (and I wound up resorting to manipulating AuthenticationMethods, which also works).

The culprit is two things combined together. The first is this sentence at the start of sshd_config:

    [...] Unless noted otherwise, for each keyword, the first obtained value will be used. [...]

Some configuration systems are 'first mention wins', but I think it's more common to be either 'last mention wins' or 'if it's mentioned ...
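The first-value rule applied to the drop-in above, as an added example that is not from the original post: a simplified Python model (not sshd's own parser) that reads drop-in files in lexical order, which is how sshd expands Include globs, and resolves one keyword for a given client address. It handles only global keywords and Match Address with CIDR lists; the file 50-vendor-example.conf and the client addresses are constructed, since the page does not show what else was in the directory.

```python
import ipaddress

# Constructed drop-in directory. 60-no-passwords.conf holds the page's settings;
# 50-vendor-example.conf is a hypothetical earlier file, not taken from the page.
DROPINS = {
    "50-vendor-example.conf": "PasswordAuthentication yes\n",
    "60-no-passwords.conf": (
        "PasswordAuthentication no\n"
        "Match Address 127.0.0.0/8,192.168.0.0/16\n"
        "    PasswordAuthentication yes\n"
    ),
}


def effective(files, keyword, client_ip):
    """Return (value, source_file) for keyword as applied to client_ip."""
    ip = ipaddress.ip_address(client_ip)
    global_hit = match_hit = None
    for name in sorted(files):            # lexical order, as with Include globs
        in_match = active = False         # a Match block ends with its file
        for raw in files[name].splitlines():
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            key, _, arg = line.partition(" ")
            if key.lower() == "match":
                crit, _, nets = arg.strip().partition(" ")
                in_match = True
                active = crit.lower() == "address" and any(
                    ip in ipaddress.ip_network(n.strip()) for n in nets.split(","))
            elif key.lower() == keyword.lower():
                value = arg.strip()
                if in_match:
                    if active and match_hit is None:
                        match_hit = (value, name)
                elif global_hit is None:  # first obtained value wins
                    global_hit = (value, name)
    # A matching Match block overrides the global section.
    return match_hit or global_hit


if __name__ == "__main__":
    for addr in ("203.0.113.5", "192.168.1.10"):
        print(addr, effective(DROPINS, "PasswordAuthentication", addr))
```

On a real host, `sshd -T -C addr=<client address>` prints the effective values that sshd itself computes for that connection.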