# Potiron

LogLevel INFO
# The possible values are: QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3.
#VersionAddendum Niver
AllowGroups root ht
Subsystem sftp internal-sftp
#Subsystem sftp sftp-server

## Network
AddressFamily any
ListenAddress 0.0.0.0
ListenAddress ::
Port 22

## Cryptography
HostKey /etc/ssh/ed25519
HostKey /etc/ssh/rsa-3072
Ciphers chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr
HostKeyAlgorithms ssh-ed25519,rsa-sha2-256,rsa-sha2-512
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com

## Sessions
# Root may log in, but never with password or keyboard-interactive authentication.
PermitRootLogin prohibit-password
StrictModes yes
MaxAuthTries 6
MaxSessions 1
# start:rate:full. From 3 unauthenticated connections, 20% of new ones are dropped, rising to 100% at 200.
MaxStartups 3:20:200
LoginGraceTime 3m
PrintMotd yes
UsePAM yes

## Disable everything
PermitTTY no
PermitTunnel no
AllowTcpForwarding no
X11Forwarding no
AllowAgentForwarding no
AllowStreamLocalForwarding no
# Disables all forwarding features, including X11, ssh-agent(1), TCP and StreamLocal.
DisableForwarding yes
PermitUserRC no
PermitUserEnvironment no
IgnoreRhosts yes
AuthorizedKeysFile none
# The "none" method only succeeds for password-less accounts when PermitEmptyPasswords is enabled.
# With PermitEmptyPasswords no, nobody can authenticate unless a Match block below overrides this.
AuthenticationMethods none
PubkeyAuthentication no
PasswordAuthentication no
KbdInteractiveAuthentication no
PermitEmptyPasswords no
# Deprecated alias of KbdInteractiveAuthentication.
ChallengeResponseAuthentication no

## Enable useful features

### Administrator access
Match Group root
#### Authentication
PubkeyAuthentication yes
AuthenticationMethods publickey
AuthorizedKeysFile .ssh/authorized_keys
#### Allow the use of a terminal
PermitTTY yes

### SFTP access
Match Group ht
#### Authentication
PasswordAuthentication yes
AuthenticationMethods password
#AuthorizedKeysFile keys
#### Chroot to the home directory
# %h is home directory, %u is username
# Every component of the chroot path must be a root-owned directory that is not writable by any other user or group.
ChrootDirectory %h
#### Only SFTP can be used
ForceCommand internal-sftp
#### Print a message before login
Banner /usr/local/share/niver/banner.txt