From 864bdacaed1442ddd840d4f349fbab7f105b58fa Mon Sep 17 00:00:00 2001
From: Stefan Brand
Date: Sun, 31 Oct 2021 19:23:50 +0100
Subject: [PATCH] Add a Default SSH Config and CA
---
etc/ssh/ssh-ca.pub | 1 +
etc/ssh/sshd_config | 27 +++++++++++++++++++++++++++
2 files changed, 28 insertions(+)
create mode 100644 etc/ssh/ssh-ca.pub
create mode 100644 etc/ssh/sshd_config
diff --git a/etc/ssh/ssh-ca.pub b/etc/ssh/ssh-ca.pub
new file mode 100644
index 0000000..8bb372c
--- /dev/null
+++ b/etc/ssh/ssh-ca.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH+nJART0HRPz+9ykN6cTQp/ixUoPhbyH01D7SGBXW9Z causer@ca01
diff --git a/etc/ssh/sshd_config b/etc/ssh/sshd_config
new file mode 100644
index 0000000..a5580d8
--- /dev/null
+++ b/etc/ssh/sshd_config
@@ -0,0 +1,27 @@
+Port 22
+Protocol 2
+
+ClientAliveInterval 5
+ClientAliveCountMax 2
+Compression no
+TCPKeepAlive no
+X11Forwarding no
+IgnoreRhosts yes
+
+LoginGraceTime 1m
+PermitRootLogin prohibit-password
+MaxAuthTries 3
+MaxSessions 5
+
+PubkeyAuthentication yes
+AuthorizedKeysFile .ssh/authorized_keys
+
+TrustedUserCAKeys /etc/ssh/ssh-ca.pub
+
+PasswordAuthentication no
+ChallengeResponseAuthentication no
+
+UsePAM yes
+
+PrintMotd no # pam does that
+Subsystem sftp internal-sftp -l INFO
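Review bot: `TrustedUserCAKeys /etc/ssh/ssh-ca.pub` is enabled without `AuthorizedPrincipalsFile` or `RevokedKeys`, so any certificate signed by this CA whose principal list contains the account name is accepted, and with `PermitRootLogin prohibit-password` that includes root. Consider adding scoping and revocation next to it, e.g. `AuthorizedPrincipalsFile /etc/ssh/auth_principals/%u` and `RevokedKeys /etc/ssh/revoked_keys` (example paths, not from this commit). Add a comment above the directive naming who controls the CA private key, since that key becomes a login credential for every host that deploys this default. Separately, sshd_config(5) documents comments only on lines starting with `#`, and handling of a trailing comment as in `PrintMotd no # pam does that` may depend on the OpenSSH version; moving it to its own line and running `sshd -t` against the file before deploying avoids shipping a config that refuses to load.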