overlay-lakitu/chromeos-base/chromeos-base/files/sshd_config - cos/overlays/board-overlays - Git at Google

 # Force protocol v2 only
 Protocol 2

 # Disable IPv6 for now
 AddressFamily inet

 # /etc is read-only.  Fetch keys from stateful partition
 # Not using v1, so no v1 key
 HostKey /mnt/stateful_partition/etc/ssh/ssh_host_rsa_key
 HostKey /mnt/stateful_partition/etc/ssh/ssh_host_ed25519_key

 PasswordAuthentication no
 ChallengeResponseAuthentication no
 PermitRootLogin no
 UsePAM yes

 PrintMotd no
 PrintLastLog no
 UseDns no
 Subsystem sftp internal-sftp

 PermitTunnel no
 AllowTcpForwarding yes
 X11Forwarding no

 Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr

 # Compute times out connections after 10 minutes of inactivity.  Keep alive
 # ssh connections by sending a packet every 7 minutes.
 ClientAliveInterval 420

 AcceptEnv EDITOR LANG LC_ALL PAGER TZ
	# Force protocol v2 only
	Protocol 2

	# Disable IPv6 for now
	AddressFamily inet

	# /etc is read-only. Fetch keys from stateful partition
	# Not using v1, so no v1 key
	HostKey /mnt/stateful_partition/etc/ssh/ssh_host_rsa_key
	HostKey /mnt/stateful_partition/etc/ssh/ssh_host_ed25519_key

	PasswordAuthentication no
	ChallengeResponseAuthentication no
	PermitRootLogin no
	UsePAM yes

	PrintMotd no
	PrintLastLog no
	UseDns no
	Subsystem sftp internal-sftp

	PermitTunnel no
	AllowTcpForwarding yes
	X11Forwarding no

	Ciphers aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr

	# Compute times out connections after 10 minutes of inactivity. Keep alive
	# ssh connections by sending a packet every 7 minutes.
	ClientAliveInterval 420

	AcceptEnv EDITOR LANG LC_ALL PAGER TZ