sshd_config: Port: 22 Protocol: 2 HostKey: - /etc/ssh/ssh_host_rsa_key - /etc/ssh/ssh_host_dsa_key - /etc/ssh/ssh_host_ecdsa_key - /etc/ssh/ssh_host_ed25519_key UsePrivilegeSeparation: 'yes' KeyRegenerationInterval: 3600 ServerKeyBits: 768 SyslogFacility: AUTH LogLevel: INFO LoginGraceTime: 120 PermitRootLogin: 'yes' PasswordAuthentication: 'no' StrictModes: 'yes' RSAAuthentication: 'yes' PubkeyAuthentication: 'yes' IgnoreRhosts: 'yes' RhostsRSAAuthentication: 'no' HostbasedAuthentication: 'no' PermitEmptyPasswords: 'no' ChallengeResponseAuthentication: 'no' AuthenticationMethods 'publickey,keyboard-interactive' X11Forwarding: 'yes' X11DisplayOffset: 10 PrintMotd: 'no' PrintLastLog: 'yes' TCPKeepAlive: 'yes' AcceptEnv: "LANG LC_*" Subsystem: "sftp /usr/lib/openssh/sftp-server" UsePAM: 'yes' UseDNS: 'yes' matches: sftp_chroot: type: Group: sftpusers options: ChrootDirectory: /sftp-chroot/%u X11Forwarding: no AllowTcpForwarding: no ForceCommand: internal-sftp openssh: auth: joe: - name: JOE_VALID_SSH_PUBLIC_KEY present: True enc: ssh-rsa comment: main key - name: JOE_NON_VALID_SSH_PUBLIC_KEY present: False enc: ssh-rsa comment: obsolete key - removed generate_dsa_keys: False provide_dsa_keys: False dsa: private_key: | -----BEGIN DSA PRIVATE KEY----- NOT_DEFINED -----END DSA PRIVATE KEY----- public_key: | ssh-dss NOT_DEFINED generate_ecdsa_keys: False provide_ecdsa_keys: False ecdsa: private_key: | -----BEGIN EC PRIVATE KEY----- NOT_DEFINED -----END EC PRIVATE KEY----- public_key: | ecdsa-sha2-nistp256 NOT_DEFINED generate_rsa_keys: False provide_rsa_keys: False rsa: private_key: | -----BEGIN RSA PRIVATE KEY----- NOT_DEFINED -----END RSA PRIVATE KEY----- public_key: | ssh-rsa NOT_DEFINED generate_ed25519_keys: False provide_ed25519_keys: False ed25519: private_key: | -----BEGIN OPENSSH PRIVATE KEY----- NOT_DEFINED -----END OPENSSH PRIVATE KEY----- public_key: | ssh-ed25519 NOT_DEFINED