# Encryption hardening
HostKey /etc/ssh/ssh_host_ed25519_key
HostKeyAlgorithms ssh-ed25519
KexAlgorithms sntrup761x25519-sha512@openssh.com
PubkeyAcceptedKeyTypes ssh-ed25519
Ciphers aes256-gcm@openssh.com
MACs -*

# Security hardening
AuthorizedKeysFile .ssh/authorized_keys
LoginGraceTime 15s
MaxAuthTries 1
StrictModes yes

## Use PAM for session checks here but authentication is disabled below
UsePAM yes

# Disabling unused authentication methods
ChallengeResponseAuthentication no
PasswordAuthentication no
PermitRootLogin no
KbdInteractiveAuthentication no
KerberosAuthentication no
GSSAPIAuthentication no

# Disabling unused features
AllowAgentForwarding no
AllowTcpForwarding no
PermitTunnel no
X11Forwarding no

# Displaying info
Banner /etc/issue.net
PrintLastLog yes
PrintMotd yes