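# https://github.com/drduh/config/blob/main/sshd_config
# https://linux.die.net/man/5/sshd_config
#
# Hardened OpenSSH server configuration: public-key login only, two named
# accounts, a single cipher/MAC, and all forwarding disabled.
# sshd reads one directive per line and, for each keyword, uses the first value
# it obtains. After editing, validate with `sshd -t` and review the effective
# settings with `sshd -T` before reloading the daemon.

# --- Listener -----------------------------------------------------------------
#ListenAddress 0.0.0.0
# NOTE(review): the trailing path suggests the listening port is set in the
# systemd ssh.socket unit rather than here - confirm on the target host.
#Port 2400 # /etc/systemd/system/sockets.target.wants/ssh.socket
# IPv4 only.
AddressFamily inet

# --- Host identity ------------------------------------------------------------
# Only this one key file is loaded, so only its key type can actually be offered
# from the HostKeyAlgorithms list below. sshd refuses a host key file that is
# group- or world-accessible.
HostKey /etc/ssh/ssh_host_key

# --- Who may log in -----------------------------------------------------------
# Every account not listed here is refused, whatever credentials it presents.
AllowUsers sysadm proxy

# --- Cryptography -------------------------------------------------------------
# A single AEAD cipher: clients without aes256-gcm cannot connect. With an AEAD
# cipher the integrity check is part of the cipher, so the MACs line only takes
# effect if a non-AEAD cipher is ever added to Ciphers.
Ciphers aes256-gcm@openssh.com
MACs hmac-sha2-512-etm@openssh.com
# diffie-hellman-group-exchange-sha256 takes its groups from the moduli file
# (/etc/ssh/moduli by default); check that short moduli have been removed.
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
HostKeyAlgorithms rsa-sha2-512,rsa-sha2-256,ssh-ed25519
# Renegotiate session keys after 1 GB of data or 1 hour, whichever comes first.
RekeyLimit 1G 1H

# --- Logging ------------------------------------------------------------------
# VERBOSE gives more detailed authentication records for audit and detection.
SyslogFacility AUTH
LogLevel VERBOSE

# --- Connection and session limits --------------------------------------------
# Unauthenticated connections are dropped after 30 seconds.
LoginGraceTime 30s
# Only one unauthenticated connection is accepted at a time. Together with
# LoginGraceTime this means a single stalled client can delay other logins for
# up to 30 seconds - an availability trade-off to accept knowingly.
MaxStartups 1
MaxSessions 2
MaxAuthTries 2
# Keepalive probe every 30 s; an unresponsive client is disconnected after 20
# missed replies (about 10 minutes). This is not an idle-session timeout.
ClientAliveInterval 30
ClientAliveCountMax 20

# --- Authentication -----------------------------------------------------------
PermitRootLogin no
# Check ownership and modes of the user's home directory and key files before
# accepting a login.
StrictModes yes
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
IgnoreRhosts yes
PasswordAuthentication no
PermitEmptyPasswords no
HostbasedAuthentication no
# Deprecated alias of KbdInteractiveAuthentication in recent OpenSSH releases;
# kept as written so older servers still parse it. It must stay "no", otherwise
# keyboard-interactive can reintroduce password prompts via PAM.
ChallengeResponseAuthentication no

# --- Session features ---------------------------------------------------------
# Compression only starts after the user has authenticated.
Compression delayed
AllowAgentForwarding no
AllowTcpForwarding no
X11Forwarding no
GatewayPorts no
PermitTunnel no
# No reverse DNS lookups: address-based restrictions (Match Host, from= in
# authorized_keys) must use IP addresses, not host names.
UseDNS no
PrintMotd no
PrintLastLog yes
# Ignore ~/.ssh/environment and environment= options in authorized_keys.
PermitUserEnvironment no

# --- Optional, disabled -------------------------------------------------------
# No Subsystem is defined, so SFTP is unavailable until one of these is enabled.
#Subsystem sftp /usr/lib/sftp-server
#Subsystem sftp /usr/libexec/sftp-server
#TrustedUserCAKeys /etc/ssh/ca.pub
# If this Match block is enabled, also limit the permitted destinations for the
# proxy account (PermitOpen) rather than allowing forwarding to any host.
#Match User proxy
#  AllowTcpForwarding yes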