# /etc/ssh/sshd_config
# {{ ansible_managed }}
# See the sshd_config(5) manpage for details

Port 22
ListenAddress 0.0.0.0
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 1024
SyslogFacility AUTH
LogLevel QUIET
LoginGraceTime 120
StrictModes yes
RSAAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no

Subsystem sftp /usr/lib/openssh/sftp-server

PermitTunnel no
X11Forwarding yes
AllowTcpForwarding no

PrintMotd no
PrintLastLog no
TCPKeepAlive yes

AcceptEnv LANG LC_*

PermitRootLogin no
LoginGraceTime 30
PasswordAuthentication no
PermitEmptyPasswords no
PubkeyAuthentication no
MaxAuthTries 0
MaxSessions 1
MaxStartups 1:1:1

UsePAM yes
ChallengeResponseAuthentication yes

Match Group ssh
	MaxAuthTries 1
	PasswordAuthentication yes

Match User ansible
	MaxAuthTries 1
	PubkeyAuthentication yes