Openssh daemon config
From wikinotes
Locations
/etc/ssh
sshd_config
Common Options
Port 22 PermitRootLogin no PasswordAuthentication no PermitEmptyPasswords no # if user is authenticated, do not prevent them from accessing # if their ip addr has changed since last time. IgnoreUserKnownHosts yesRestricting Users
# /etc/ssh/sshd_config # members of unix group 'sftpusers' # are restricted to dir '/var/sftpdata/{username}' # and are only allowed to run 'internal-sftp' command Match Group sftpusers ChrootDirectory /var/sftpdata/%u ForceCommand internal-sftp
host keys
Generated on SSH install, it's pubkey sent to client so it can encrypt data for host.
A unique host key should be used for every server install.