Cleaning up to fit AniNIX/Uniglot hooks; catching up with testing

roles/SSH/files/sshd_config

@@ -1,6 +1,6 @@
-### AniNIX::SSH \\ Basic configuration for listening daemon ###
+### AniNIX/SSH | Basic configuration for listening daemon ###
 
-# Daemon spec #
+# Daemon spec
 Port 22
 ListenAddress 0.0.0.0
 PrintMotd yes
@@ -8,17 +8,18 @@ PrintLastLog yes
 StrictModes yes
 Protocol 2
 ChrootDirectory none
+
 # DSA and ECDSA are untrusted for vulnerabilites and backdoors. https://wiki.archlinux.org/index.php/SSH_keys
 # RSA and ED25519 are stable.
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_ed25519_key
 
-# Network Performance #
+# Network Performance
 Compression yes
 ClientAliveInterval 5
 ClientAliveCountMax 3
 
-# Forwarding options # 
+# Forwarding options
 AllowTcpForwarding no
 PermitTunnel no
 AllowAgentForwarding no
@@ -27,10 +28,10 @@ X11DisplayOffset 10
 X11UseLocalhost no
 GatewayPorts no
 
-# Override default of no subsystems to allow SFTP #
-Subsystem	sftp	/usr/lib/ssh/sftp-server
+# Override default of no subsystems to allow SFTP
+Subsystem	sftp	internal-sftp
 
-# Authentication #
+# Authentication
 PubkeyAuthentication yes
 AuthorizedKeysFile	.ssh/authorized_keys
 PasswordAuthentication yes
@@ -44,16 +45,16 @@ AllowGroups ssh-allow
 PermitRootLogin no
 PermitEmptyPasswords no
 
-## Access Controls ###
+## Access Controls
 Match Group ssh-forward
     AllowTcpForwarding yes
     PermitTunnel yes
     AllowAgentForwarding yes
     X11Forwarding yes
-      
-Match Group sftp-home-jail
-    ForceCommand internal-sftp #/usr/lib/ssh/sftp-server
-    ChrootDirectory /home # Lock the user in their home directory
 
-Match User crypto
-    ForceCommand /usr/local/bin/captivecrypto
+Match Group sftp-home-jail
+    ForceCommand internal-sftp
+    ChrootDirectory /home
+
+# Allow other packages to ship snippets
+Include /etc/ssh/includes/*