authorEgor Tensin <Egor.Tensin@gmail.com>2023-08-09 09:54:55 +0200
committerEgor Tensin <Egor.Tensin@gmail.com>2023-08-09 10:11:44 +0200
commit36e8355355b0d582f9ffb432f1b83d3f62ac2e94 (patch)
treec4625554ae25eadb57846c8d300d5f942b5607b1
parentcloud-init: upgrade packages (diff)
downloadinfra-terraform-36e8355355b0d582f9ffb432f1b83d3f62ac2e94.tar.gz
infra-terraform-36e8355355b0d582f9ffb432f1b83d3f62ac2e94.zip
sshd: minimize initial sshd_configv1.0.0
Make it less opinionated, more essential.
-rw-r--r--etc/sshd_config40
1 files changed, 5 insertions, 35 deletions
diff --git a/etc/sshd_config b/etc/sshd_config
index ae08408..65b77c6 100644
--- a/etc/sshd_config
+++ b/etc/sshd_config
@@ -1,39 +1,9 @@
-Protocol 2
Port ${port}
-
-# Drop idle sessions:
-ClientAliveCountMax 3
-ClientAliveInterval 15
-
-# Allow reverse tunnels:
-GatewayPorts yes
-
-# Miscellaneous:
-PrintMotd no
-
-# Hardening.
-# Source: https://infosec.mozilla.org/guidelines/openssh.html
-
-# Only Ed25519:
-HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Only the first choices for ciphers:
-KexAlgorithms curve25519-sha256@libssh.org
-Ciphers chacha20-poly1305@openssh.com
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
-
-# No password login:
-PasswordAuthentication no
-AuthenticationMethods publickey
-# Whitelist users:
PermitRootLogin no
AllowGroups ${join(" ", users)}
-
-# Log things:
-Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO
-
-# Whitelist accepted environment variables:
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+AuthenticationMethods publickey
+PrintMotd no
AcceptEnv LANG LC_*
-
-# Why the fuck would I need X11 forwarding?
-X11Forwarding no
+Subsystem sftp /usr/lib/openssh/sftp-server
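Review bot: The new `Subsystem sftp /usr/lib/openssh/sftp-server` line at the end of the hunk drops the `-f AUTHPRIV -l INFO` arguments, so sftp-server falls back to its default ERROR log level and per-file SFTP activity (opens, uploads, removals) is no longer recorded on these hosts. That audit trail is cheap and is typically what an investigation into a misused key relies on, so I would keep it even in a minimal config: `Subsystem sftp /usr/lib/openssh/sftp-server -f AUTHPRIV -l INFO`. Separately, with `X11Forwarding no` removed, the effective value depends on how this template is installed: OpenSSH's built-in default is `no`, but if the file is layered with a distribution sshd_config that enables forwarding, it comes back. Checking the rendered result with `sshd -T` would confirm this.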