# DOC: https://stribika.github.io/2015/01/04/secure-secure-shell.html
AcceptEnv LANG LC_*
AuthorizedKeysFile %h/.ssh/authorized_keys
ChallengeResponseAuthentication no
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
ClientAliveInterval 0
Compression yes
DebianBanner no
GSSAPIAuthentication no
#HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostbasedAuthentication no
IgnoreRhosts yes
IgnoreUserKnownHosts no
KerberosAuthentication no
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
KeyRegenerationInterval 3600
ListenAddress 0.0.0.0:22
LogLevel INFO
LoginGraceTime 120
#Note: hmac-sha1 est pas trop recommandable. Le virer dès que Ouindo$ le permet
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-ripemd160-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha1
MaxAuthTries 5
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin yes
PrintLastLog yes
PrintMotd no
Protocol 2
PubkeyAuthentication yes
RSAAuthentication yes
RhostsRSAAuthentication no
ServerKeyBits 768
StrictModes yes
SyslogFacility AUTH
TCPKeepAlive yes
UsePAM yes
UsePrivilegeSeparation yes
X11DisplayOffset 10
X11Forwarding no

Subsystem sftp internal-sftp
Match Group sftp
	AllowTCPForwarding no
	ChrootDirectory %h
	ForceCommand internal-sftp
	X11Forwarding no

# vim: ft=sshdconfig