Protocol 2

LogLevel VERBOSE

# https://cipherli.st/
# disable sha1 & nist
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
# disable des; use >= 128 bits
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com

StrictHostKeyChecking yes

PasswordAuthentication no
ChallengeResponseAuthentication no

ExitOnForwardFailure yes

# https://security.stackexchange.com/questions/110639/how-exploitable-is-the-recent-useroaming-ssh-problem
UseRoaming no

# prevent idle connection from timing out
# https://serveo.net/
ServerAliveInterval 60