HostKey /.bottlerocket/host-containers/current/etc/ssh/ssh_host_rsa_key
HostKey /.bottlerocket/host-containers/current/etc/ssh/ssh_host_ecdsa_key
HostKey /.bottlerocket/host-containers/current/etc/ssh/ssh_host_ed25519_key

PasswordAuthentication no

ChallengeResponseAuthentication no

UsePAM yes

AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE

# SFTP is enabled by default in Amazon Linux 2; keeping that behavior here.
Subsystem sftp	/usr/libexec/openssh/sftp-server

PermitRootLogin no

# Configured by user data
TrustedUserCAKeys /etc/ssh/trusted_user_ca_keys.pub