From 73f54dd0cbb1237f6352accf48fa9bd8cb840d8e Mon Sep 17 00:00:00 2001
From: Tim Abbott <tabbott@zulipchat.com>
Date: Mon, 26 Sep 2016 09:59:40 -0700
Subject: [PATCH] sshd_config: Add updates from Xenial upstream.

It seems worth updating this to match the Linux distro this
configuration targets.
---
 puppet/zulip_ops/files/sshd_config | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/puppet/zulip_ops/files/sshd_config b/puppet/zulip_ops/files/sshd_config
index 9e13f45180..e0331ee55a 100644
--- a/puppet/zulip_ops/files/sshd_config
+++ b/puppet/zulip_ops/files/sshd_config
@@ -10,12 +10,14 @@ Protocol 2
 # HostKeys for protocol version 2
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_ecdsa_key
+HostKey /etc/ssh/ssh_host_ed25519_key
 #Privilege Separation is turned on for security
 UsePrivilegeSeparation yes
 
 # Lifetime and size of ephemeral version 1 server key
 KeyRegenerationInterval 3600
-ServerKeyBits 768
+ServerKeyBits 1024
 
 # Logging
 SyslogFacility AUTH
@@ -23,7 +25,7 @@ LogLevel INFO
 
 # Authentication:
 LoginGraceTime 120
-PermitRootLogin without-password
+PermitRootLogin prohibit-password
 StrictModes yes
 
 RSAAuthentication yes