AcceptEnv LANG LC_*
AuthenticationMethods publickey
ChallengeResponseAuthentication no
Ciphers chacha20-poly1305@openssh.com
ClientAliveCountMax 3
ClientAliveInterval 300
Compression delayed
GatewayPorts no
HostKeyAlgorithms ssh-ed25519
KexAlgorithms mlkem768x25519-sha256,sntrup761x25519-sha512,curve25519-sha256
LogLevel VERBOSE
LoginGraceTime 20s
MACs hmac-sha2-512-etm@openssh.com
MaxAuthTries 3
MaxStartups 3:50:10
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
PermitUserEnvironment no
PidFile /run/sshd.pid
Port 22
PrintLastLog no
PrintMotd no
Protocol 2
PubkeyAuthentication yes
StrictModes yes
Subsystem sftp /usr/libexec/sftp-server
SyslogFacility AUTH
TCPKeepAlive no
UseDNS no
UsePAM yes
X11DisplayOffset 10
X11UseLocalhost no

Match Group sshjail
    ChrootDirectory /srv/ssh
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
