test other version

roles/01-server_hardening/templates/sshd_config.j2

@@ -1,47 +1,25 @@
-# SSH configuration for Minecraft server
+# SSH Configuration - Managed by Ansible
 Port {{ ssh_port }}
-Protocol {{ ssh_protocol }}
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_ecdsa_key
-HostKey /etc/ssh/ssh_host_ed25519_key
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
+Protocol 2
 
 # Authentication
-LoginGraceTime 60
-PermitRootLogin {{ ssh_permit_root_login }}
-StrictModes yes
-MaxAuthTries {{ ssh_max_auth_tries }}
-MaxSessions 10
-
-PubkeyAuthentication {{ ssh_pub_key_authentication }}
+PermitRootLogin {{ ssh_permit_root_login | ternary('yes', 'no') }}
+PasswordAuthentication {{ ssh_password_authentication | ternary('yes', 'no') }}
+PubkeyAuthentication yes
 AuthorizedKeysFile .ssh/authorized_keys
-
-PasswordAuthentication {{ ssh_password_authentication }}
-PermitEmptyPasswords no
-ChallengeResponseAuthentication no
-KerberosAuthentication no
-GSSAPIAuthentication no
-
-UsePAM yes
-
-AllowUsers {{ ssh_allow_users | join(' ') }}
-
-X11Forwarding no
-PrintMotd no
-AcceptEnv LANG LC_*
+MaxAuthTries {{ ssh_max_auth_tries }}
 
 # Connection settings
 ClientAliveInterval {{ ssh_client_alive_interval }}
 ClientAliveCountMax {{ ssh_client_alive_count_max }}
-TCPKeepAlive yes
+MaxSessions 10
+MaxStartups 10:30:60
 
-# Restrict to specific users
-Match User {{ ssh_allow_users | join(',') }}
-    AllowTcpForwarding no
-    X11Forwarding no
-    PermitTunnel no
-    GatewayPorts no
-    AllowAgentForwarding no
+# Security settings
+PermitEmptyPasswords no
+ChallengeResponseAuthentication no
+UsePAM yes
+X11Forwarding no
+PrintMotd no
+AcceptEnv LANG LC_*
+Subsystem sftp /usr/lib/openssh/sftp-server