@dnozay
Created July 22, 2015 02:47
public-key only sshd config.
# /etc/ssh/sshd_config
# Everything is going to be public-key based.
# And we want to lock down the system from unauthorized access.
# Use only protocol 2
Protocol 2
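# With public-key auth, one try is enough: the client must present the correct key.
# Each key the client offers counts as a try, so clients holding several keys
# must offer the right one first (e.g. IdentityFile plus IdentitiesOnly yes).
MaxAuthTries 1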
# Keep authorized_keys out of home directories (e.g. insecure NFS-mounted homes);
# keys are read from a per-user directory under /etc/ssh instead.
AuthorizedKeysFile /etc/ssh/keys/%u/authorized_keys
# Log public key fingerprint
LogLevel VERBOSE
SyslogFacility AUTHPRIV
# Public-key only.
PasswordAuthentication no
ChallengeResponseAuthentication no
# Allow pam_ldap users.
# UsePAM yes
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS
# X11 forwarding is left enabled; set to "no" on hosts that do not need it.
X11Forwarding yes
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
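
The fingerprint logging enabled above (LogLevel VERBOSE, AUTHPRIV) is only useful if something reads it. The following is an added example, not part of the original gist: it matches accepted public-key logins against an inventory of the keys installed under /etc/ssh/keys/%u/authorized_keys. It assumes the "Accepted publickey ... ssh2: TYPE SHA256:..." line format of current OpenSSH releases; the inventory, fingerprints and log lines are constructed.

```python
import re
from collections import defaultdict

# "Accepted publickey" line; the key type and fingerprint suffix is what
# LogLevel VERBOSE is enabled for in the config above.
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted publickey for (?P<user>\S+) from (?P<ip>\S+) "
    r"port \d+ ssh2: \S+ (?P<fp>(?:SHA256|MD5):\S+)"
)

# Constructed inventory of fingerprints installed under /etc/ssh/keys/<user>/
# (real values come from: ssh-keygen -lf /etc/ssh/keys/<user>/authorized_keys).
FP_A = "SHA256:CONSTRUCTEDalicelaptop000000000000000000000"
FP_B = "SHA256:CONSTRUCTEDbobworkstation00000000000000000"
FP_X = "SHA256:CONSTRUCTEDnotininventory00000000000000000"
KNOWN = {"alice": {FP_A}, "bob": {FP_B}}

# Constructed sample log lines (host, PIDs and addresses are made up).
SAMPLE_LOG = f"""\
Jul 22 02:47:01 host sshd[1201]: Accepted publickey for alice from 198.51.100.7 port 50122 ssh2: ED25519 {FP_A}
Jul 22 02:48:10 host sshd[1207]: Accepted publickey for bob from 203.0.113.9 port 41800 ssh2: RSA {FP_X}
Jul 22 02:49:33 host sshd[1215]: Accepted publickey for bob from 198.51.100.7 port 50140 ssh2: ED25519 {FP_A}
Jul 22 02:50:02 host sshd[1220]: Connection closed by 192.0.2.44 port 39914 [preauth]
"""

def audit(log_text, known):
    """Return findings as (kind, user(s), source ip, fingerprint) tuples."""
    users_by_fp = defaultdict(set)
    findings = []
    for line in log_text.splitlines():
        m = ACCEPTED.search(line)
        if not m:
            continue  # not a successful public-key login
        user, ip, fp = m["user"], m["ip"], m["fp"]
        users_by_fp[fp].add(user)
        if fp not in known.get(user, set()):
            # Key accepted by sshd but absent from the inventory for this user.
            findings.append(("unknown-key", user, ip, fp))
    for fp, users in sorted(users_by_fp.items()):
        if len(users) > 1:
            # One private key opens several accounts.
            findings.append(("shared-key", ",".join(sorted(users)), "", fp))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, KNOWN):
        print(*finding)
```

Feed it the file your syslog daemon writes the AUTHPRIV facility to, and build KNOWN from the key files rather than by hand.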