SolomonSklash · September 23, 2025 18:18
diff --git a/sshd_config b/sshd_config
 # Modern secure (OpenSSH Server 7+) SSHd config by HacKan
 # Refer to the manual for more info: https://www.freebsd.org/cgi/man.cgi?sshd_config(5)

 # Server fingerprint
 # Regenerate with: ssh-keygen -o -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 4096
 HostKey /etc/ssh/ssh_host_rsa_key
 # Regerate with: ssh-keygen -o -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
 HostKey /etc/ssh/ssh_host_ed25519_key

 # Log for audit, even users' key fingerprint
 LogLevel VERBOSE

 # Ciphers and keying
 RekeyLimit 1G 1H
 KexAlgorithms [email protected],diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256
 Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr
 MACs [email protected],[email protected],[email protected]

 # Limit sessions and its duration
 MaxAuthTries 2
 MaxSessions 5
 ClientAliveInterval 30
 ClientAliveCountMax 6
 TCPKeepAlive no

 UsePAM yes
 PasswordAuthentication no
 ChallengeResponseAuthentication no
 PubkeyAuthentication yes

 # You can request for several auth methods to grant access, one next to the other
 #AuthenticationMethods publickey

 # Enable AllowAgentForwarding if you need to jump through this host
 AllowAgentForwarding no
 AllowTcpForwarding no
 X11Forwarding no
 PrintMotd no
 Compression no

 # Only if you really need it:
 #AcceptEnv LANG LC_*

 # Enable sftp only if needed
 # For Arch Linux and Debian 10+
 #Subsystem       sftp    /usr/lib/ssh/sftp-server
 # For Debian/Ubuntu
 #Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO

 # Set authorized keys file
 # Prefer using an admin-controlled environment
 #AuthorizedKeysFile      /etc/ssh/authorized_keys/%u
 AuthorizedKeysFile      .ssh/authorized_keys

 # Restrict SSH usage per user or per group (uncomment any, or all, to use)
 #AllowUsers	<your username>
 #AllowGroups ssh-user
	# Modern secure (OpenSSH Server 7+) SSHd config by HacKan
	# Refer to the manual for more info: https://www.freebsd.org/cgi/man.cgi?sshd_config(5)

	# Server fingerprint
	# Regenerate with: ssh-keygen -o -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 4096
	HostKey /etc/ssh/ssh_host_rsa_key
	# Regerate with: ssh-keygen -o -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
	HostKey /etc/ssh/ssh_host_ed25519_key

	# Log for audit, even users' key fingerprint
	LogLevel VERBOSE

	# Ciphers and keying
	RekeyLimit 1G 1H
	KexAlgorithms [email protected],diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256
	Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr
	MACs [email protected],[email protected],[email protected]

	# Limit sessions and its duration
	MaxAuthTries 2
	MaxSessions 5
	ClientAliveInterval 30
	ClientAliveCountMax 6
	TCPKeepAlive no

	UsePAM yes
	PasswordAuthentication no
	ChallengeResponseAuthentication no
	PubkeyAuthentication yes

	# You can request for several auth methods to grant access, one next to the other
	#AuthenticationMethods publickey

	# Enable AllowAgentForwarding if you need to jump through this host
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no
	PrintMotd no
	Compression no

	# Only if you really need it:
	#AcceptEnv LANG LC_*

	# Enable sftp only if needed
	# For Arch Linux and Debian 10+
	#Subsystem sftp /usr/lib/ssh/sftp-server
	# For Debian/Ubuntu
	#Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO

	# Set authorized keys file
	# Prefer using an admin-controlled environment
	#AuthorizedKeysFile /etc/ssh/authorized_keys/%u
	AuthorizedKeysFile .ssh/authorized_keys

	# Restrict SSH usage per user or per group (uncomment any, or all, to use)
	#AllowUsers <your username>
	#AllowGroups ssh-user