# Encryption hardening HostKey /etc/ssh/ssh_host_ed25519_key HostKeyAlgorithms ssh-ed25519 KexAlgorithms sntrup761x25519-sha512@openssh.com PubkeyAcceptedKeyTypes ssh-ed25519 Ciphers aes256-gcm@openssh.com MACs -* # Security hardening AuthorizedKeysFile .ssh/authorized_keys LoginGraceTime 15s MaxAuthTries 1 StrictModes yes ## Use PAM for session checks here but authentication is disabled below UsePAM yes # Disabling unused authentication methods ChallengeResponseAuthentication no PasswordAuthentication no PermitRootLogin no KbdInteractiveAuthentication no KerberosAuthentication no GSSAPIAuthentication no # Disabling unused features AllowAgentForwarding no AllowTcpForwarding no PermitTunnel no X11Forwarding no # Displaying info Banner /etc/issue.net PrintLastLog yes PrintMotd yes