44 lines
853 B
Django/Jinja
44 lines
853 B
Django/Jinja
# networking
|
|
Protocol 2
|
|
Port 22
|
|
AddressFamily any
|
|
ListenAddress 0.0.0.0
|
|
ListenAddress ::
|
|
|
|
# hostkey
|
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
|
|
|
# Authentication
|
|
PermitRootLogin no
|
|
|
|
# Hardening
|
|
StrictModes yes
|
|
MaxAuthTries 2
|
|
MaxStartups 10:50:20
|
|
LoginGraceTime 15
|
|
MaxSessions 8
|
|
PasswordAuthentication no
|
|
PubkeyAuthentication yes
|
|
AllowUsers ansible drone hugo simon
|
|
{% endif %}
|
|
VersionAddendum ""
|
|
IgnoreRhosts yes
|
|
UseDNS no
|
|
X11Forwarding no
|
|
ClientAliveCountMax 8
|
|
Compression no
|
|
AllowTcpForwarding yes
|
|
AllowAgentForwarding yes
|
|
PrintMotd yes
|
|
{% if ansible_distribution == 'Debian' %}
|
|
UsePAM yes
|
|
PrintLastLog no
|
|
{% endif %}
|
|
|
|
# The cryptos
|
|
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org
|
|
Ciphers chacha20-poly1305@openssh.com,aes256-ctr
|
|
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
|
|
|
|
# sFTP
|
|
Subsystem sftp /usr/libexec/sftp-server
|