Port 22
ChallengeResponseAuthentication no
HostKey /etc/gitlab/ssh_host_rsa_key
HostKey /etc/gitlab/ssh_host_ecdsa_key
HostKey /etc/gitlab/ssh_host_ed25519_key
Protocol 2
PermitRootLogin no
PasswordAuthentication no
MaxStartups 100:30:200
AllowUsers git
PrintMotd no
PrintLastLog no
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys /gitlab-data/ssh/authorized_keys
AuthorizedKeysCommand /opt/gitlab/embedded/service/gitlab-shell/bin/gitlab-shell-authorized-keys-check git %u %k
AuthorizedKeysCommandUser git

# With "UsePAM yes" the "!" is seen as a password disabled account and not fully locked so ssh public key login works
# Please make sure that the account is created without passwordlogin ("*" in /etc/shadow) or configure pam. 
# Issue #5891 https://gitlab.com/gitlab-org/omnibus-gitlab
UsePAM no

# Disabling use DNS in ssh since it tends to slow connecting
UseDNS no

# Enable the use of Git protocol v2
AcceptEnv GIT_PROTOCOL