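{{ ansible_managed | comment }}

# Logging. VERBOSE records the fingerprint of the key or certificate used to log in.
SyslogFacility AUTH
LogLevel VERBOSE

# Network
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
Port 22
# Start dropping unauthenticated connections at 10 (30% probability), refuse all at 100.
MaxStartups 10:30:100

# Host keys
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key

# Key exchange, ciphers and MACs
# https://infosec.mozilla.org/guidelines/openssh.html
KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

# Authentication: public key only, with user certificates signed by the CA below.
AuthenticationMethods publickey
TrustedUserCAKeys /etc/ssh/users_ca.pub
# Fixed path (no %u token): the same principals list applies to every account.
AuthorizedPrincipalsFile /etc/ssh/authorized_principals
StrictModes yes
UsePAM no
# Root login is permitted; AuthenticationMethods limits it to key or certificate authentication.
PermitRootLogin yes

# Session restrictions
PermitUserRC no
PermitUserEnvironment no
AllowAgentForwarding no
AllowTcpForwarding yes
X11Forwarding no
PermitTTY yes
PermitTunnel no

# Miscellaneous
VersionAddendum none
PrintLastLog yes
PrintMotd yes
TCPKeepAlive yes
UseDNS no
AcceptEnv LANG LC_*

# SFTP subsystem, logging to the AUTHPRIV facility at INFO level.
Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO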