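# sshd_config hardening fragment: key-only logins, no direct root login,
# verbose authentication logging.
#
# Keep one directive per line. sshd treats everything after a leading '#' as
# a comment, so a directive that shares a line with a comment is ignored.
# Check the file with `sshd -t` before reloading, and keep an existing session
# open until a fresh key-based login has been confirmed.

# RSA and Ed25519 are fine, but DSA is broken and ecdsa is suspicious.
# Once any HostKey is listed, only the listed keys are loaded; the DSA and
# ECDSA host keys are left out by omission.
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

# Logs the fingerprint of the public key used for each login, so a session
# can be tied to a specific key during an investigation.
LogLevel VERBOSE

# No direct root login. Keys might be OK, but logging in as a named user and
# escalating afterwards keeps an audit trail of who acted as root.
PermitRootLogin no

# Passwords are bad.
# PasswordAuthentication alone does not cover keyboard-interactive (PAM)
# prompts; AuthenticationMethods closes that gap by accepting a login only
# when publickey authentication succeeds.
PasswordAuthentication no
AuthenticationMethods publickey

# Doesn't exist in Fedora: the sftp-server path below is distribution
# specific, so verify where the binary lives before enabling this line.
# "-f AUTHPRIV -l INFO" makes sftp-server log file transfers to the auth log.
#Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO

# Use kernel sandbox mechanisms where possible in unprivileged processes.
# NOTE(review): UsePrivilegeSeparation is deprecated since OpenSSH 7.5, where
# privilege separation became mandatory. Newer sshd only logs a deprecation
# warning for this line; keep it for older releases, drop it otherwise.
UsePrivilegeSeparation sandbox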