sbatururimi · January 10, 2019 10:10
diff --git a/sshd_config b/sshd_config
 # Modern secure (OpenSSH Server 7+) SSHd config by HacKan
 # Refer to the manual for more info: https://www.freebsd.org/cgi/man.cgi?sshd_config(5)

 # Server fingerprint
 # Regenerate with: ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 4096
 HostKey /etc/ssh/ssh_host_rsa_key
 # Regerate with: ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
 HostKey /etc/ssh/ssh_host_ed25519_key

 # Log for audit, even users' key fingerprint
 LogLevel VERBOSE

 UsePrivilegeSeparation sandbox

 # Ciphers and keying
 RekeyLimit 1G 1H
 KexAlgorithms [email protected],diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256
 Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr
 MACs [email protected],[email protected],[email protected]

 # Limit sessions and its duration
 MaxAuthTries 2
 MaxSessions 5
 ClientAliveInterval 30
 ClientAliveCountMax 6
 TCPKeepAlive no

 UsePAM yes
 PasswordAuthentication no
 ChallengeResponseAuthentication no
 PubkeyAuthentication yes

 # You can request for several auth methods to grant access, one next to the other
 #AuthenticationMethods publickey

 # Enable AllowAgentForwarding if you need to jump through this host
 AllowAgentForwarding no
 AllowTcpForwarding no
 X11Forwarding no
 PrintMotd no
 Compression no

 # Only if you really need it:
 #AcceptEnv LANG LC_*

 # For Arch Linux
 # Subsystem       sftp    /usr/lib/ssh/sftp-server
 # For Debian/Ubuntu
 Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO

 # Restrict SSH usage
 #AllowUsers	<your username>
 # Or restrict by group
 AllowGroups ssh-user
	# Modern secure (OpenSSH Server 7+) SSHd config by HacKan
	# Refer to the manual for more info: https://www.freebsd.org/cgi/man.cgi?sshd_config(5)

	# Server fingerprint
	# Regenerate with: ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa -b 4096
	HostKey /etc/ssh/ssh_host_rsa_key
	# Regerate with: ssh-keygen -f /etc/ssh/ssh_host_ed25519_key -N '' -t ed25519
	HostKey /etc/ssh/ssh_host_ed25519_key

	# Log for audit, even users' key fingerprint
	LogLevel VERBOSE

	UsePrivilegeSeparation sandbox

	# Ciphers and keying
	RekeyLimit 1G 1H
	KexAlgorithms [email protected],diffie-hellman-group18-sha512,diffie-hellman-group16-sha512,diffie-hellman-group14-sha256
	Ciphers [email protected],[email protected],[email protected],aes256-ctr,aes192-ctr
	MACs [email protected],[email protected],[email protected]

	# Limit sessions and its duration
	MaxAuthTries 2
	MaxSessions 5
	ClientAliveInterval 30
	ClientAliveCountMax 6
	TCPKeepAlive no

	UsePAM yes
	PasswordAuthentication no
	ChallengeResponseAuthentication no
	PubkeyAuthentication yes

	# You can request for several auth methods to grant access, one next to the other
	#AuthenticationMethods publickey

	# Enable AllowAgentForwarding if you need to jump through this host
	AllowAgentForwarding no
	AllowTcpForwarding no
	X11Forwarding no
	PrintMotd no
	Compression no

	# Only if you really need it:
	#AcceptEnv LANG LC_*

	# For Arch Linux
	# Subsystem sftp /usr/lib/ssh/sftp-server
	# For Debian/Ubuntu
	Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO

	# Restrict SSH usage
	#AllowUsers <your username>
	# Or restrict by group
	AllowGroups ssh-user