Banner /etc/issue.net
PrintMOTD no

Port {{ ssh_port | default(22) }}
Protocol 2

# Authentication:
AllowUsers {{ ssh_users | default("noahk ansible") }}
ChallengeResponseAuthentication no
HostbasedAuthentication no
LoginGraceTime 120
PasswordAuthentication {{ passwd_auth | default("no") }}
PermitEmptyPasswords no
PermitRootLogin no
PubkeyAuthentication yes
StrictModes yes
UsePAM yes

# Security
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
IgnoreRhosts yes

# Misc. options
AcceptEnv LANG LC_*
TCPKeepAlive yes
Subsystem sftp {{ sftp_path }}

# Logging
SyslogFacility AUTH
LogLevel INFO