Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
# Accept environment variables LANG, LC_*, TIMEFORMAT and TZ
AcceptEnv LANG LC_* TIMEFORMAT TZ
# Show banner before logging in
Banner /etc/banner
# Make sure that users are still connected
ClientAliveInterval 5m
# Kill in-active login attempts
LoginGraceTime 5m
# Log all activity
LogLevel VERBOSE
# Number of password attempts
MaxAuthTries 4
# Number of hanging connections
MaxStartups 4
# Disable root login
PermitRootLogin no
# Enable port forwarding
PermitTunnel yes
# Maintain privacy
PrintLastLog no
# Use internal SFTP process with increased logging and file mode restrictions
Subsystem sftp internal-sftp -l VERBOSE -u 077
# Disable reverse lookup
UseDNS no
# Enable X11 forwarding
X11Forwarding yes
# Specific options for "sftp_only" group members
Match group sftp_only
# Disallow agent forwarding
AllowAgentForwarding no
# Disallow TCP forwarding
AllowTCPForwarding no
# Chroot to the ZFS data partition
ChrootDirectory /mnt/data
# Force all connections to be SFTP
ForceCommand internal-sftp -l VERBOSE -u 077
# Disable port forwarding
PermitTunnel no
# Disable X11 forwarding
X11Forwarding no
# Specific options for "user1" user
Match user user1
# Hide banner
Banner none
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment