[CF1] update sshd_config file instructions (#24119)

Author: deadlypants1973

src/content/docs/cloudflare-one/applications/non-http/short-lived-certificates-legacy.mdx

@@ -53,7 +53,7 @@ Cloudflare Access will take the identity from a token and, using short-lived cer
 
 <Render file="ssh/public-key" />
 
-## 5. Modify your SSHD config
+## 5. Modify your `sshd_config` file
 
 <Render file="ssh/modify-sshd" />
 

src/content/docs/cloudflare-one/connections/connect-networks/use-cases/ssh/ssh-infrastructure-access.mdx

@@ -42,7 +42,12 @@ To connect your devices to Cloudflare:
 <Render file="access/add-infrastructure-app" />
 
 ## 6. (Recommended) Modify order of precedence in Gateway
-<Render file="access/modify-gateway-policy-precedence" product="cloudflare-one" params={{ selector: "Access Infrastructure Target", protocol: "ssh" }} />
+
+<Render
+	file="access/modify-gateway-policy-precedence"
+	product="cloudflare-one"
+	params={{ selector: "Access Infrastructure Target", protocol: "ssh" }}
+/>
 
 ## 7. Configure SSH server
 
@@ -60,7 +65,7 @@ To generate a Cloudflare SSH CA and get its public key:
 
 <Render file="ssh/public-key" />
 
-### Modify your SSHD config
+### Modify your `sshd_config` file
 
 <Render file="ssh/modify-sshd" />
 
@@ -122,11 +127,11 @@ Cloudflare will stop logging SSH commands to your targets, as well as any comman
 To delete the SSH encryption public key using the [API](/api/resources/zero_trust/subresources/gateway/subresources/audit_ssh_settings/methods/update/):
 
 <APIRequest
-  path="/accounts/{account_id}/gateway/audit_ssh_settings"
-  method="PUT"
-  json={{
-    public_key: "",
-  }}
+	path="/accounts/{account_id}/gateway/audit_ssh_settings"
+	method="PUT"
+	json={{
+		public_key: "",
+	}}
 />
 
 </TabItem>

src/content/docs/cloudflare-one/policies/gateway/network-policies/ssh-logging.mdx

@@ -41,7 +41,7 @@ To generate a Gateway SSH proxy CA and get its public key:
 
 <Render file="ssh/public-key" />
 
-## 4. Modify your SSHD config
+## 4. Modify your `sshd_config` file
 
 <Render file="ssh/modify-sshd" />
 

src/content/partials/cloudflare-one/ssh/modify-sshd.mdx

@@ -2,35 +2,23 @@
 {}
 ---
 
-The following procedure makes two changes to the `sshd_config` file on the remote target machine. The first change requires that you uncomment a field already set in most default configurations; the second change adds a new field.
+Configure your SSH server to trust the Cloudflare SSH CA by updating the `sshd_config` file on the remote target machine.
 
-1. While staying within the `/etc/ssh` directory on the remote machine, open the `sshd_config` file.
+1. While in the `/etc/ssh` directory on the remote machine, open the `sshd_config` file.
 
    ```sh
-   vim /etc/ssh/sshd_config
+    sudo vim /etc/ssh/sshd_config
    ```
 
-2. Go to the row named `PubkeyAuthentication`. In most default configurations, the row will appear commented out as follows:
+2. Press `i` to enter insert mode, then add the following lines at the top of the file, above all other directives:
 
    ```txt
-   # PubkeyAuthentication yes
-   ```
-
-3. Remove the `#` symbol to uncomment the line:
-
-	   ```txt
    PubkeyAuthentication yes
-   ```
-
-4. Add a new line below `PubkeyAuthentication`:
-
-   ```txt
    TrustedUserCAKeys /etc/ssh/ca.pub
    ```
 
-5. Save the file and quit the editor. You might need to use the following command again to save and exit.
+   :::caution[Be aware of your include statements]
+   If there are any include statements below these lines, the configurations in those files will not take precedence.
+   :::
 
-   ```txt
-   :w !sudo tee %
-   :q!
-   ```
+3. Press `esc` and then type `:x` and press `Enter` to save and exit.