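# @path: /etc/ssh/sshd_config.d/sshd_hardened.conf
# @permission: -rw-r--r-- 1 root root

# Disallow passwords: only public-key authentication is accepted.
PasswordAuthentication no
# PasswordAuthentication alone does not cover keyboard-interactive, which can
# still prompt for a password through PAM. Turn it off here so the
# "no passwords" intent holds regardless of what the main sshd_config sets
# (that file is not visible from this drop-in).
KbdInteractiveAuthentication no
PubkeyAuthentication yes

# Restrict user to sftp server (no shell).
# Everything below applies only to the "publisher" account.
Match User publisher
    # Run the in-process SFTP server whatever command the client requests.
    # internal-sftp needs no helper binaries inside the chroot.
    ForceCommand internal-sftp
    # sftp_root is filled in by the template. sshd refuses the session unless
    # every component of the rendered path is a root-owned directory that is
    # not writable by any other user or group, so writable upload areas have
    # to be subdirectories of it.
    ChrootDirectory {{ sftp_root }}
    # No tunnelling or forwarding of any kind for this account.
    PermitTunnel no
    AllowAgentForwarding no
    AllowTcpForwarding no
    X11Forwarding no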