# OpenSSH server configuration (managed by Ansible)
Port {{ ssh_port }}
Protocol 2

{% if is_proxmox %}
PermitRootLogin prohibit-password
AcceptEnv LANG LC_*
{% else %}
PermitRootLogin no
{% endif %}

PasswordAuthentication no
ChallengeResponseAuthentication no
UsePAM yes
X11Forwarding no
ClientAliveInterval 300
ClientAliveCountMax 2
LoginGraceTime 30
MaxAuthTries 3
AllowTcpForwarding no
PermitEmptyPasswords no
PrintMotd no
UseDNS no
Compression no
Subsystem sftp /usr/lib/openssh/sftp-server