LogLevel INFO
#LogLevel DEBUG

PidFile none

Port 2200
Protocol 2

HostKey /etc/ssh/host_keys/rsa
HostKey /etc/ssh/host_keys/ed25519

# https://www.ssh-audit.com/hardening_guides.html#ubuntu_20_04_lts
KexAlgorithms curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com
HostKeyAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-512,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com

UsePAM no
PermitRootLogin no
AllowUsers git
PubkeyAuthentication yes
# > RSA: The length of the modulus n shall be 2048 bits or more to meet the
# > minimum security-strength requirement of 112 bits [...]
# https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final
RequiredRSASize 2048
PasswordAuthentication no
ChallengeResponseAuthentication no
StrictModes no

DisableForwarding yes
AllowAgentForwarding no
AllowStreamLocalForwarding no
AllowTcpForwarding no
GatewayPorts no
PermitTunnel no
X11Forwarding no
PermitUserEnvironment no
PrintMotd no
PermitTTY no