samuela/sshd_config

## sshd_config
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
GatewayPorts no
KbdInteractiveAuthentication yes
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
LogLevel DEBUG
Macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
PasswordAuthentication no
PermitRootLogin no
UseDns no
X11Forwarding no
UsePAM yes

Banner none

AddressFamily any
Port 22


Subsystem sftp /nix/store/s1xnsm86dy195fr4i4n984ivakrvjv9d-openssh-9.3p1/libexec/sftp-server

PrintMotd no # handled by pam_motd
AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/authorized_keys.d/%u
AuthorizedKeysCommand /ssh-proxy/authorized_keys_command "%u" "%t" "%k"
AuthorizedKeysCommandUser nobody


HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key


## sudo journalctl -u sshd -f
Nov 22 11:35:02 bitbop-proxy sshd[32681]: debug1: Forked child 33239.
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Set /proc/self/oom_score_adj to 0
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: inetd sockets after dupping: 4, 4
Nov 22 11:35:02 bitbop-proxy sshd[33239]: Connection from 73.169.190.84 port 49799 on 172.31.36.207 port 22 rdomain ""
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Local version string SSH-2.0-OpenSSH_9.3
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: compat_banner: match: OpenSSH_9.0 pat OpenSSH* compat 0x04000000
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: permanently_set_uid: 997/997 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-ed25519 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_KEXINIT sent [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_KEXINIT received [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: rekey out after 134217728 blocks [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Sending SSH2_MSG_EXT_INFO [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_NEWKEYS received [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: rekey in after 134217728 blocks [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: KEX done [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth-request for user foobar service ssh-connection method none [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: attempt 0 failures 0 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: Invalid user foobar from 73.169.190.84 port 49799
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: PAM: initializing for "foobar"
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: PAM: setting PAM_RHOST to "73.169.190.84"
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: PAM: setting PAM_TTY to "ssh"
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth-request for user foobar service ssh-connection method publickey [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: attempt 1 failures 0 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:2PK51kBO0PK56yA8VNaD3J3gaIiVpNjmKch2aWCu8Hw [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth-request for user foobar service ssh-connection method publickey [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: attempt 2 failures 1 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:MoSX2msdk27hf0OGTFi+ce5G6jIr98SCuW6/X/KNzac [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth-request for user foobar service ssh-connection method keyboard-interactive [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: attempt 3 failures 2 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: keyboard-interactive devs  [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: auth2_challenge: user=foobar devs= [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kbdint_alloc: devices 'pam' [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: auth2_challenge_start: trying authentication method 'pam' [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: error: PAM: Authentication failure for illegal user foobar from 73.169.190.84
Nov 22 11:35:02 bitbop-proxy sshd[33239]: Failed keyboard-interactive/pam for invalid user foobar from 73.169.190.84 port 49799 ssh2
Nov 22 11:35:02 bitbop-proxy sshd[33239]: Connection closed by invalid user foobar 73.169.190.84 port 49799 [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: do_cleanup [preauth]
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: monitor_read_log: child log fd closed
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: do_cleanup
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: PAM: cleanup
Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Killing privsep child 33240
	Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
	GatewayPorts no
	KbdInteractiveAuthentication yes
	KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256
	LogLevel DEBUG
	Macs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com
	PasswordAuthentication no
	PermitRootLogin no
	UseDns no
	X11Forwarding no
	UsePAM yes

	Banner none

	AddressFamily any
	Port 22





	Subsystem sftp /nix/store/s1xnsm86dy195fr4i4n984ivakrvjv9d-openssh-9.3p1/libexec/sftp-server

	PrintMotd no # handled by pam_motd
	AuthorizedKeysFile %h/.ssh/authorized_keys /etc/ssh/authorized_keys.d/%u
	AuthorizedKeysCommand /ssh-proxy/authorized_keys_command "%u" "%t" "%k"
	AuthorizedKeysCommandUser nobody


	HostKey /etc/ssh/ssh_host_rsa_key
	HostKey /etc/ssh/ssh_host_ed25519_key
	Nov 22 11:35:02 bitbop-proxy sshd[32681]: debug1: Forked child 33239.
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Set /proc/self/oom_score_adj to 0
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: rexec start in 5 out 5 newsock 5 pipe 7 sock 8
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: inetd sockets after dupping: 4, 4
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: Connection from 73.169.190.84 port 49799 on 172.31.36.207 port 22 rdomain ""
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Local version string SSH-2.0-OpenSSH_9.3
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Remote protocol version 2.0, remote software version OpenSSH_9.0
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: compat_banner: match: OpenSSH_9.0 pat OpenSSH* compat 0x04000000
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: permanently_set_uid: 997/997 [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ssh-ed25519 [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_KEXINIT sent [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_KEXINIT received [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kex: algorithm: sntrup761x25519-sha512@openssh.com [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kex: host key algorithm: ssh-ed25519 [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_KEX_ECDH_INIT received [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: rekey out after 134217728 blocks [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_NEWKEYS sent [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Sending SSH2_MSG_EXT_INFO [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: expecting SSH2_MSG_NEWKEYS [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: SSH2_MSG_NEWKEYS received [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: rekey in after 134217728 blocks [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: KEX done [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth-request for user foobar service ssh-connection method none [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: attempt 0 failures 0 [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: Invalid user foobar from 73.169.190.84 port 49799
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: PAM: initializing for "foobar"
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: PAM: setting PAM_RHOST to "73.169.190.84"
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: PAM: setting PAM_TTY to "ssh"
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth-request for user foobar service ssh-connection method publickey [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: attempt 1 failures 0 [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth_pubkey: publickey test pkalg ssh-ed25519 pkblob ED25519 SHA256:2PK51kBO0PK56yA8VNaD3J3gaIiVpNjmKch2aWCu8Hw [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth-request for user foobar service ssh-connection method publickey [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: attempt 2 failures 1 [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth_pubkey: publickey test pkalg rsa-sha2-512 pkblob RSA SHA256:MoSX2msdk27hf0OGTFi+ce5G6jIr98SCuW6/X/KNzac [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: userauth-request for user foobar service ssh-connection method keyboard-interactive [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: attempt 3 failures 2 [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: keyboard-interactive devs [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: auth2_challenge: user=foobar devs= [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: kbdint_alloc: devices 'pam' [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: auth2_challenge_start: trying authentication method 'pam' [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: error: PAM: Authentication failure for illegal user foobar from 73.169.190.84
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: Failed keyboard-interactive/pam for invalid user foobar from 73.169.190.84 port 49799 ssh2
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: Connection closed by invalid user foobar 73.169.190.84 port 49799 [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: do_cleanup [preauth]
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: monitor_read_log: child log fd closed
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: do_cleanup
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: PAM: cleanup
	Nov 22 11:35:02 bitbop-proxy sshd[33239]: debug1: Killing privsep child 33240