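# sshd configuration: listener on port 2222, user authentication by public key
# or by certificates signed by a trusted user CA; password logins disabled.
#
# One directive per line. When the file is collapsed onto a single line, sshd
# treats everything after the first '#' as a comment, so the directives that
# follow it never take effect.

# NOTE(review): sshd_config does not expand shell variables, so $PWD must be
# substituted before sshd reads this file. Presumably this is a template
# rendered by a wrapper script; confirm.
Port 2222
HostKey $PWD/ssh_host_rsa_key
PidFile $PWD/sshd.pid

# Connection settings
# Probe an idle client every 30 s over the encrypted channel and drop it after
# 10 unanswered probes (about 300 s).
ClientAliveInterval 30
ClientAliveCountMax 10
# Cap concurrent unauthenticated connections at 10.
MaxStartups 10
# Seconds a client has to complete authentication before being disconnected.
LoginGraceTime 120

# Allow TCP forwarding for tunneling
# NOTE(review): "yes" permits both local and remote forwarding to any
# destination. If only specific tunnels are needed, consider narrowing this
# with PermitOpen / PermitListen, or a value of "local" or "remote".
AllowTcpForwarding yes

# Try to prevent timeouts
# TCP-level keepalives; unlike the ClientAlive probes above, these are not
# sent through the encrypted channel.
TCPKeepAlive yes

# Security
# User certificates signed by this CA are accepted for authentication.
TrustedUserCAKeys /etc/ssh/ca.pub
PubkeyAuthentication yes
# NOTE(review): this disables password authentication only;
# keyboard-interactive (e.g. via PAM) is not configured here. Confirm it is
# disabled if password-style logins must be impossible.
PasswordAuthentication no
# Decodes the certificate offered by the client (%t = type, %k = base64 blob)
# with ssh-keygen -L and prints the "Principals:" line plus the line after it.
# NOTE(review): the list of allowed principals is taken from the client's own
# certificate, so the first principal in the certificate appears to match
# itself regardless of the target account. If so, any certificate signed by
# the trusted CA can log in as any local user. Confirm this is intended;
# otherwise restrict principals per account, e.g. with AuthorizedPrincipalsFile
# or a command keyed on %u.
AuthorizedPrincipalsCommand /bin/bash -c "echo '%t %k' | ssh-keygen -L -f - | grep -A1 Principals"
# Run the command above as an unprivileged account.
AuthorizedPrincipalsCommandUser nobody
# NOTE(review): "ssh-rsa" selects RSA signatures made with SHA-1, which recent
# OpenSSH releases disable by default. Consider dropping it (rsa-sha2-256 /
# rsa-sha2-512 are the SHA-2 replacements) once no client depends on it.
# Since OpenSSH 8.5 this directive is named PubkeyAcceptedAlgorithms; the old
# name remains an alias.
PubkeyAcceptedKeyTypes ssh-rsa,ssh-ed25519,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com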