# managed by Ansible

# network
Port {{ sshd_listen_port }}

# security
PermitRootLogin yes
MaxAuthTries 6
MaxSessions 10

# auth
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
PermitEmptyPasswords no
ClientAliveInterval 180
X11Forwarding {{ "yes" if sshd_enable_x11_forwarding else "no" }}

{% if ansible_distribution == "Debian" %}
Subsystem sftp /usr/lib/openssh/sftp-server
ChallengeResponseAuthentication no
UsePAM yes
PrintMotd no
UsePrivilegeSeparation sandbox
{% elif ansible_distribution == "Archlinux" %}
Subsystem sftp /usr/lib/ssh/sftp-server
{% else %}
Subsystem sftp /usr/libexec/sftp-server
{% endif %}