infrastructure/templates/sshd_config.j2

Protocol 2
Port {{ ansible_port }}
ListenAddress {{ ansible_default_ipv4.address }}
{% if ansible_default_ipv6.address is defined %}
ListenAddress {{ ansible_default_ipv6.address }}
{% endif %}

HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

PermitRootLogin without-password
StrictModes yes
MaxAuthTries 2
AllowUsers root

PubkeyAuthentication yes
AuthenticationMethods publickey
AuthorizedKeysFile     .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no

IgnoreRhosts yes
UsePAM yes
ChallengeResponseAuthentication no
PrintMotd no
X11Forwarding no
AllowTcpForwarding no

Subsystem sftp /usr/lib/openssh/sftp-server
Add playbook 2021-03-09 12:42:28 +00:00			`Protocol 2`
			`Port {{ ansible_port }}`
			`ListenAddress {{ ansible_default_ipv4.address }}`
Move to new VPS 2022-06-05 10:20:34 +00:00			`{% if ansible_default_ipv6.address is defined %}`
Add playbook 2021-03-09 12:42:28 +00:00			`ListenAddress {{ ansible_default_ipv6.address }}`
Move to new VPS 2022-06-05 10:20:34 +00:00			`{% endif %}`
Add playbook 2021-03-09 12:42:28 +00:00
			`HostKey /etc/ssh/ssh_host_rsa_key`
			`HostKey /etc/ssh/ssh_host_ed25519_key`

			`PermitRootLogin without-password`
			`StrictModes yes`
			`MaxAuthTries 2`
			`AllowUsers root`

			`PubkeyAuthentication yes`
			`AuthenticationMethods publickey`
			`AuthorizedKeysFile .ssh/authorized_keys`
			`PasswordAuthentication no`
			`PermitEmptyPasswords no`

			`IgnoreRhosts yes`
			`UsePAM yes`
			`ChallengeResponseAuthentication no`
			`PrintMotd no`
			`X11Forwarding no`
			`AllowTcpForwarding no`

			`Subsystem sftp /usr/lib/openssh/sftp-server`