From d41dcde0556c425a959961c47db7aa1044182a84 Mon Sep 17 00:00:00 2001
From: Elizabeth Hunt <me@liz.coffee>
Date: Sun, 20 Jul 2025 22:08:30 -0700
Subject: Updates

---
 fs/etc/ssh/sshd_config | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 fs/etc/ssh/sshd_config

(limited to 'fs/etc/ssh')

diff --git a/fs/etc/ssh/sshd_config b/fs/etc/ssh/sshd_config
new file mode 100644
index 0000000..dec99a1
--- /dev/null
+++ b/fs/etc/ssh/sshd_config
@@ -0,0 +1,30 @@
+Include /etc/ssh/sshd_config.d/*.conf
+
+Port 22
+
+PermitRootLogin no
+PermitEmptyPasswords no
+PasswordAuthentication no
+
+PubkeyAuthentication yes
+UsePAM yes
+AuthorizedKeysCommand /usr/sbin/kanidm_ssh_authorizedkeys %u
+AuthorizedKeysCommandUser nobody
+
+KbdInteractiveAuthentication no
+GSSAPIAuthentication no
+KerberosAuthentication no
+
+AllowAgentForwarding yes
+X11Forwarding no
+
+PrintMotd no
+PrintLastLog yes
+
+AcceptEnv LANG LC_*
+Subsystem       sftp    /usr/lib/openssh/sftp-server
+
+TCPKeepAlive yes
+ClientAliveInterval 300
+ClientAliveCountMax 1
+
-- 
cgit v1.2.3-70-g09d2