Banner /etc/ssh/banner
PidFile /var/run/sshd.pid
Port 22
Protocol 2,1

HostKey /etc/ssh/ssh_host_dsa_key
#HostKey /etc/ssh/ssh_host_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key

SyslogFacility AUTHPRIV
LogLevel VERBOSE

PermitRootLogin without-password
#RSAAuthentication yes
PubkeyAuthentication yes
PubkeyAcceptedKeyTypes +ssh-dss
ChallengeResponseAuthentication no
PasswordAuthentication no
#GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
UsePAM yes
AcceptEnv LANG LC_*
X11Forwarding no
#UsePrivilegeSeparation yes
LoginGraceTime 120
StrictModes yes
#KeyRegenerationInterval 3600
#ServerKeyBits 1024

# slayer, 11.12.2013, solving auto-logout issue
ClientAliveInterval 300
ClientAliveCountMax 3

UseDNS no
MaxStartups 250:30:500

# only cvs for l3 balancer
{%- if grains['yandex-environment'] == 'testing' %}
Match LocalAddress 2a02:6b8:0:3400:0:3c8:0:13/128
    Banner /dev/null
    ForceCommand /usr/sbin/cvs_shell.sh
{%- else %}
Match LocalAddress 2a02:6b8:0:3400::2:19/128
    Banner /dev/null
    ForceCommand /usr/sbin/cvs_shell.sh
Match LocalAddress 5.255.240.19/32
    Banner /dev/null
    ForceCommand /usr/sbin/cvs_shell.sh
{%- endif %}
