atmoz-sftp/sshd_config

# Secure defaults
# See: https://stribika.github.io/2015/01/04/secure-secure-shell.html
Protocol 2
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key

# Faster connection
# See: https://github.com/atmoz/sftp/issues/11
UseDNS no

# Limited access
PermitRootLogin no
X11Forwarding no
AllowTcpForwarding no

# Force sftp and chroot jail
Subsystem sftp internal-sftp
ForceCommand internal-sftp
ChrootDirectory %h

# Enable this for more logs
#LogLevel VERBOSE
Improved security 2016-06-02 14:56:30 +02:00			`# Secure defaults`
			`# See: https://stribika.github.io/2015/01/04/secure-secure-shell.html`
			`Protocol 2`
			`HostKey /etc/ssh/ssh_host_ed25519_key`
			`HostKey /etc/ssh/ssh_host_rsa_key`

			`# Faster connection`
			`# See: https://github.com/atmoz/sftp/issues/11`
Set UseDNS no Makes login faster: http://unix.stackexchange.com/questions/56941/what-is-the-point-of-sshd-usedns-option 2015-04-27 11:44:18 +02:00			`UseDNS no`
Improved security 2016-06-02 14:56:30 +02:00
			`# Limited access`
First commit 2014-10-07 21:34:24 +02:00			`PermitRootLogin no`
No need for group, forced sftp 2014-10-16 22:07:39 +02:00			`X11Forwarding no`
			`AllowTcpForwarding no`
Improved security 2016-06-02 14:56:30 +02:00
			`# Force sftp and chroot jail`
			`Subsystem sftp internal-sftp`
No need for group, forced sftp 2014-10-16 22:07:39 +02:00			`ForceCommand internal-sftp`
Improved security 2016-06-02 14:56:30 +02:00			`ChrootDirectory %h`

			`# Enable this for more logs`
			`#LogLevel VERBOSE`