# networking
Protocol 2
Port 22
AddressFamily inet
ListenAddress 0.0.0.0

# hostkey
HostKey /etc/ssh/ssh_host_ed25519_key

# Authentication
PermitRootLogin no

# Hardening
StrictModes yes
MaxAuthTries 2
MaxStartups 10:50:20
LoginGraceTime 15
MaxSessions 8
PasswordAuthentication no
PubkeyAuthentication yes
AllowUsers ansible drone hugo rundeck simon
VersionAddendum ""
IgnoreRhosts yes
UseDNS no
X11Forwarding no
ClientAliveCountMax 8
Compression no
AllowTcpForwarding yes
AllowAgentForwarding yes
UsePAM yes
PrintMotd no
PrintLastLog no

# The cryptos
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com

# sFTP
Subsystem sftp /usr/libexec/sftp-server