# This is for sshd in management VRF, for ansible and other not-really-OOB stuff.
PidFile none
UsePAM no
Subsystem sftp /usr/lib/openssh/sftp-server

# Only allow pubkey auth.
KbdInteractiveAuthentication no
PasswordAuthentication no
PermitRootLogin prohibit-password

# Disable what we can.
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no