Port 22
ListenAddress 0.0.0.0
ListenAddress ::
HostKey /etc/ssh/ssh_host_ed25519_key
PermitRootLogin prohibit-password
MaxAuthTries 3
DisableForwarding yes
PrintMotd no
UseDNS no
Banner none
DebianBanner no
Subsystem       sftp    internal-sftp
# Hardened set of key exchange, cipher, and MAC algorithms, as per <https://www.sshaudit.com/hardening_guides.html>.
KexAlgorithms sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
MACs hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512

Match User root
        AuthenticationMethods publickey

Match Group www-data
        ChrootDirectory %h