This role is used for basic hardening of a SSH daemon. It features common basic hardening features like disabling root login, requiring pubkey authentication and disabling some unsafe-ish, rarely used features.
PasswordAuthentication nowhich makes BF-attempts harderChallengeResponseAuthentication nobecause we don't use itPubkeyAuthentication yesbecause only key-based auth is allowedPermitRootLogin noas it can pose a security threatClientAliveInterval 300to disconnect all idle sessions after 300s=5mProtocol 2because SSHv1 has security issues and should not be used as fallback