# managed by Ansible

# network
Port {{ ansible_port }}

# security
PermitRootLogin yes
MaxAuthTries 6
MaxSessions 10

# auth
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
ClientAliveInterval 180

{% if ansible_facts["os_family"] == "Debian" %}
Subsystem sftp /usr/lib/openssh/sftp-server
ChallengeResponseAuthentication no
UsePAM yes
PrintMotd no
UsePrivilegeSeparation sandbox
{% else %}
Subsystem sftp /usr/libexec/sftp-server
{% endif %}