# Configuration file for Pi Server home directory serving 

Port 1022
Protocol 2

# Deny pi user
DenyUsers pi

# SFTP only

ForceCommand internal-sftp
AllowTcpForwarding no
PermitTunnel no
X11Forwarding no
Subsystem sftp internal-sftp
HostKey /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation yes

# Logging
SyslogFacility AUTH
LogLevel INFO

# Authentication:
LoginGraceTime 10
PermitRootLogin no 
StrictModes yes

RSAAuthentication no 
PubkeyAuthentication no 

# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no

# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no

# Change to yes to enable challenge-response passwords (beware issues with
# some PAM modules and threads)
#ChallengeResponseAuthentication no

# Change to no to disable tunnelled clear text passwords
#PasswordAuthentication yes

KbdInteractiveAuthentication yes
TCPKeepAlive yes
UsePAM yes

