Port 22
AddressFamily inet
PermitRootLogin no

PasswordAuthentication no
KbdInteractiveAuthentication no
ChallengeResponseAuthentication no
PermitEmptyPasswords no

UsePAM yes
AllowGroups {{ ssh_access_group | default('sshusers') }}

PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

X11Forwarding no
PrintMotd no
PrintLastLog yes

LoginGraceTime 30s
MaxAuthTries 3
MaxSessions 2

AcceptEnv LANG LC_*
Subsystem sftp /usr/lib/openssh/sftp-server