Protocol 2 # LogLevel VERBOSE HostKey /etc/ssh/host_keys/rsa # https://cipherli.st/ KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com PermitRootLogin no PubkeyAuthentication yes # > RSA: The length of the modulus n shall be 2048 bits or more to meet the # > minimum security-strength requirement of 112 bits [...] # https://csrc.nist.gov/publications/detail/sp/800-131a/rev-2/final RequiredRSASize 2048 PasswordAuthentication no StrictModes no # separated by spaces AllowUsers _ ForceCommand /bin/false AllowAgentForwarding no AllowTcpForwarding all GatewayPorts no PermitTunnel no X11Forwarding no PermitUserEnvironment no PermitTTY no PrintMotd no