Allowed MACs

Defaults to recommended settings from both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67

Allowed ciphers

Defaults to recommended settings from both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67

Whether to enable PAM authentication.

Whether to enable printing /etc/motd when a user logs in interactively.

Gives the verbosity level that is used when logging messages from sshd(8)

If specified, login is denied for all listed users

If specified, login is allowed only for the listed users

Whether sshd should check file modes and ownership of directories

If specified, login is denied for all users part of the listed groups

If specified, login is allowed only for users part of the listed groups

Specifies whether sshd(8) should look up the remote host name, and to check that the resolved host name for the remote IP address maps back to the very same IP address

Whether the root user can login using ssh.

Specifies what environment variables sent by the client will be copied into the session's environment

Specifies whether remote hosts are allowed to connect to ports forwarded for the client

Whether to allow X11 connections to be forwarded.

Allowed key exchange algorithms

Uses the lower bound recommended in both https://stribika.github.io/2015/01/04/secure-secure-shell.html and https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67

Specifies a file that lists principal names that are accepted for certificate authentication

Specifies whether password authentication is allowed.

Specifies whether keyboard-interactive authentication is allowed.