# SSH daemon configuration. Note that sshd_config(5) states "For each keyword, the first obtained
# value will be used." This is why files < 00 which are read earlier override the settings below.

Port {{ ansible_port }}

# Completely disable root login via ssh.
PermitRootLogin no

# Explicitly set the list of allowed ssh users.
AllowUsers {{ [ssh_user] | union(additional_ssh_users) | join(" ") }}

# SSH enabled only via ssh-key.
PasswordAuthentication no

# No X window forwarding.
X11Forwarding no

# Check in with the client every now and then.
ClientAliveInterval 120