# {{ ansible_managed }}
# See the sshd_config(5) manpage for details

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# Supported HostKey algorithms by order of preference.
HostKey /etc/ssh/ssh_host_ed25519_key
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key

# LogLevel VERBOSE logs user's key fingerprint on login. Needed to have a clear audit track of which key was using to log in.
LogLevel VERBOSE

# We need sftp and logging
Subsystem sftp internal-sftp -f AUTH -l INFO

{% for i in ssh.config_override|d({}) %}
{{ i }} {{ ssh.config_override[i] }}
{% endfor %}

# add special rules for users and groups defined in host variables

{% for i in ssh.user %}
Match User {{ i }}
{% for j in ssh.user[i]|d({}) %}
	{{ j }} {{ ssh.user[i][j] }}
{% endfor %}
{% endfor %}

{% for i in ssh.group %}
Match Group {{ i }}
{% for j in ssh.group[i]|d({}) %}
	{{ j }} {{ ssh.group[i][j] }}
{% endfor %}
{% endfor %}