# RSA and Ed25519 are fine, but DSA is broken and ecdsa is suspicious
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Includes public keys in logins
LogLevel VERBOSE

# root login should probably be denied entirely, but key is better than
# password
PermitRootLogin prohibit-password

# Passwords are bad
PasswordAuthentication no