Updated sshd config

config/ssh/sshd_config

@@ -1,29 +1,26 @@
-Protocol 2
-HostKey /etc/ssh/ssh_host_ed25519_key
-HostKey /etc/ssh/ssh_host_rsa_key
-
-Port 3322
-ListenAddress 0.0.0.0
-
-StrictModes yes
-
-UsePAM yes
-PermitRootLogin no
-PubkeyAuthentication yes
-PasswordAuthentication yes
-PermitEmptyPasswords no
+Protocol                        2
+HostKey                         /etc/ssh/ssh_host_ed25519_key
+HostKey                         /etc/ssh/ssh_host_rsa_key
+ListenAddress                   0.0.0.0
+Port                            3322
+UseDNS                          no
+UsePAM                          yes
+X11Forwarding                   yes
+X11UseLocalhost                 no
+X11DisplayOffset                10
+AllowTcpForwarding              yes
+PermitRootLogin                 no
+PermitEmptyPasswords            no
+PermitUserEnvironment           no
+PubkeyAuthentication            yes
+PasswordAuthentication          yes
 ChallengeResponseAuthentication no
-TCPKeepAlive yes
-LoginGraceTime 30
-ClientAliveInterval 300
-ClientAliveCountMax 1
-
-X11Forwarding yes
-X11DisplayOffset 10
-X11UseLocalhost no
-
-PrintMotd no
-PrintLastLog yes
-
-SyslogFacility AUTH
-LogLevel INFO
+GSSAPIAuthentication            no
+LoginGraceTime                  30
+TCPKeepAlive                    yes
+ClientAliveInterval             60
+ClientAliveCountMax             5
+PrintMotd                       no
+PrintLastLog                    no
+SyslogFacility                  AUTH
+LogLevel                        INFO

scripts/bin/container-foreground-cmd

@@ -45,8 +45,11 @@ if [ ! -f "${RANDFILE:?}" ]; then
 fi
 
 # Generate SSH keys if they do not exist
+if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
+	ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >/dev/null
+fi
 if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
-	DEBIAN_FRONTEND=noninteractive dpkg-reconfigure openssh-server
+	ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N '' >/dev/null
 fi
 
 # Generate self-signed certificate