# Protocole et sécurité de base
Protocol 2
StrictModes yes
 
# Chiffrement et algorithmes
HostKey /etc/ssh/ssh_host_ed25519_key
KexAlgorithms sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com
Ciphers chacha20-poly1305@openssh.com,aes128-gcm@openssh.com,aes256-gcm@openssh.com
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com
PubkeyAcceptedAlgorithms ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com
 
# Authentification
PermitRootLogin no
AllowGroups wheel
 
PasswordAuthentication no
PermitEmptyPasswords no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
UsePAM yes
 
# Paramètres de session et de connexion
MaxAuthTries 6
LoginGraceTime 30
ClientAliveInterval 3m
ClientAliveCountMax 5
 
# Comportement à la connexion, environnement
PrintLastLog yes
PrintMotd no
PermitUserEnvironment no
AcceptEnv LANG LC_*

# Redirections et accès à distance
AllowTcpForwarding no
X11Forwarding no