Port 22
Protocol 2

ClientAliveInterval 5
ClientAliveCountMax 2
Compression no
TCPKeepAlive no
X11Forwarding no
IgnoreRhosts yes

LoginGraceTime 1m
PermitRootLogin prohibit-password
MaxAuthTries 3
MaxSessions 5

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

TrustedUserCAKeys /etc/ssh/ssh-ca.pub

PasswordAuthentication no
ChallengeResponseAuthentication no

UsePAM yes

PrintMotd no # pam does that
Subsystem sftp internal-sftp -l INFO