ansible-roles/system/base/sshd/templates/99-local.conf.j2

# SSH daemon configuration. Note that sshd_config(5) states "For each keyword, the first obtained
# value will be used." This is why files < 00 which are read earlier override the settings below.

Port {{ ansible_port }}

# Completely disable root login via ssh.
PermitRootLogin no

# Explicitly set the list of allowed ssh users.
AllowUsers {{ [system_base_ssh_user] | union(system_base_additional_ssh_users) | join(" ") }}

# SSH enabled only via ssh-key.
PasswordAuthentication no

# No X window forwarding.
X11Forwarding no

# Check in with the client every now and then.
ClientAliveInterval 120
Initial commit 2022-12-20 19:47:11 +01:00			`# SSH daemon configuration. Note that sshd_config(5) states "For each keyword, the first obtained`
			`# value will be used." This is why files < 00 which are read earlier override the settings below.`

			`Port {{ ansible_port }}`

			`# Completely disable root login via ssh.`
			`PermitRootLogin no`

			`# Explicitly set the list of allowed ssh users.`
			`AllowUsers {{ [system_base_ssh_user] \| union(system_base_additional_ssh_users) \| join(" ") }}`

			`# SSH enabled only via ssh-key.`
			`PasswordAuthentication no`

			`# No X window forwarding.`
			`X11Forwarding no`

			`# Check in with the client every now and then.`
			`ClientAliveInterval 120`