Include /etc/ssh/sshd_config.d/*.conf HostKey /etc/ssh/ssh_host_ed25519_key # Ciphers and keying HostKeyAlgorithms ssh-ed25519 CASignatureAlgorithms ssh-ed25519 HostbasedAcceptedKeyTypes ssh-ed25519 HostKeyAlgorithms ssh-ed25519 KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org Ciphers chacha20-poly1305@openssh.com MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com # To disable tunneled clear text passwords, change to no here! PasswordAuthentication no PermitEmptyPasswords no # Change to yes to enable challenge-response passwords (beware issues with # some PAM modules and threads) KbdInteractiveAuthentication no # Set this to 'yes' to enable PAM authentication, account processing, # and session processing. If this is enabled, PAM authentication will # be allowed through the KbdInteractiveAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via KbdInteractiveAuthentication may bypass # the setting of "PermitRootLogin without-password". # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and KbdInteractiveAuthentication to 'no'. UsePAM no X11Forwarding yes PrintMotd no # Allow client to pass locale environment variables AcceptEnv LANG LC_* # override default of no subsystems Subsystem sftp /usr/lib/openssh/sftp-server