Updated sshd config

config/ssh/sshd_config

@@ -1,29 +1,26 @@
-Protocol 2
+Protocol                        2
-HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey                         /etc/ssh/ssh_host_ed25519_key
-HostKey /etc/ssh/ssh_host_rsa_key
+HostKey                         /etc/ssh/ssh_host_rsa_key
-
+ListenAddress                   0.0.0.0
-Port 3322
+Port                            3322
-ListenAddress 0.0.0.0
+UseDNS                          no
-
+UsePAM                          yes
-StrictModes yes
+X11Forwarding                   yes
-
+X11UseLocalhost                 no
-UsePAM yes
+X11DisplayOffset                10
-PermitRootLogin no
+AllowTcpForwarding              yes
-PubkeyAuthentication yes
+PermitRootLogin                 no
-PasswordAuthentication yes
+PermitEmptyPasswords            no
-PermitEmptyPasswords no
+PermitUserEnvironment           no
+PubkeyAuthentication            yes
+PasswordAuthentication          yes
 ChallengeResponseAuthentication no
-TCPKeepAlive yes
+GSSAPIAuthentication            no
-LoginGraceTime 30
+LoginGraceTime                  30
-ClientAliveInterval 300
+TCPKeepAlive                    yes
-ClientAliveCountMax 1
+ClientAliveInterval             60
-
+ClientAliveCountMax             5
-X11Forwarding yes
+PrintMotd                       no
-X11DisplayOffset 10
+PrintLastLog                    no
-X11UseLocalhost no
+SyslogFacility                  AUTH
-
+LogLevel                        INFO
-PrintMotd no
-PrintLastLog yes
-
-SyslogFacility AUTH
-LogLevel INFO

scripts/bin/container-foreground-cmd

@@ -45,8 +45,11 @@ if [ ! -f "${RANDFILE:?}" ]; then
 fi
 
 # Generate SSH keys if they do not exist
+if [ ! -f /etc/ssh/ssh_host_ed25519_key ]; then
+	ssh-keygen -t ed25519 -f /etc/ssh/ssh_host_ed25519_key -N '' >/dev/null
+fi
 if [ ! -f /etc/ssh/ssh_host_rsa_key ]; then
-	DEBIAN_FRONTEND=noninteractive dpkg-reconfigure openssh-server
+	ssh-keygen -t rsa -b 4096 -f /etc/ssh/ssh_host_rsa_key -N '' >/dev/null
 fi
 
 # Generate self-signed certificate