# Accept environment variables LANG, LC_*, TIMEFORMAT and TZ ...
AcceptEnv LANG LC_* TIMEFORMAT TZ

# Show banner before logging in ...
Banner /etc/banner

# Make sure that users are still connected ...
ClientAliveInterval 5m

# Kill in-active login attempts ...
LoginGraceTime 5m

# Log all activity ...
LogLevel VERBOSE

# Number of password attempts ...
MaxAuthTries 4

# Number of hanging connections ...
MaxStartups 4

# Disable root login ...
PermitRootLogin no

# Enable port forwarding ...
PermitTunnel yes

# Maintain privacy ...
PrintLastLog no

# Use internal SFTP process with increased logging and file mode restrictions ...
Subsystem sftp internal-sftp -l VERBOSE -u 077

# Disable reverse lookup ...
UseDNS no

# Enable X11 forwarding ...
X11Forwarding yes

# Specific options for "sftp_only" group members ...
Match group sftp_only
    # Disallow agent forwarding ...
    AllowAgentForwarding no

    # Disallow TCP forwarding ...
    AllowTCPForwarding no

        # Chroot to the ZFS data partition ...
        ChrootDirectory /mnt/data

    # Force all connections to be SFTP ...
    ForceCommand internal-sftp -l VERBOSE -u 077

    # Disable port forwarding ...
    PermitTunnel no

    # Disable X11 forwarding ...
    X11Forwarding no

# Specific options for "user1" user ...
Match user user1
    # Hide banner ...
    Banner none