# The IP addresses(s) the SSH server will listen on. Use a comma separated list for multiple addresses.
# Leave as "all" for all addresses.
ListenAddress: all
# The port the SSH server will listen on. Note that anything *below* 1024 will require you to run
# the whole minecraft server with elevated privileges (NOT RECOMMENDED).
Port: 1025

# Operational mode. Don't touch if you don't know what you're doing. Can be either DEFAULT or RPC
Mode: DEFAULT

# Enable built-in SFTP server or not. You'll be able to connect and upload/download files via SFTP protocol.
# Might be useful for testing purposes as well , i. e. docker containers.
EnableSFTP: true

# Number of times a person can fail to use an SSH key or enter a password
# before it terminates the connection.
LoginRetries: 3

########################################################################################
# By default, only public key authentication is enabled. This is the most secure mode.
# To authorize a user to login with their public key, install their key using the
# OpenSSH authorized_keys file format in the authorized_users directory. Name the key
# file with the user's username and no extension. Note: If you want to let a user have
# many keys, you can append the keys to their file in authorized_users.
########################################################################################

# For less secure username and password based authentication, complete the sections below.

# Type of hashing to use for the passwords below.
# Options are: PLAIN (insecure), bcrypt, pbkdf2, sha256
#
# You can use the console/in-game command `/mkpasswd [hash] PASSWORD` to
# generate a password hash string then copy it for your passwords below.
# You can also use `/mkpasswd help` to see what algorithms are supported.
PasswordType: bcrypt

# Associate each username with a password hash (or the password if the PasswordType is set to PLAIN)
Credentials:
    # The defaults for any user who does not have a specific section.
    # Specific user permissions override the $default pseudo-user.
    $default:
        # Whether they can read or write to the console
        console: RW
        # SFTP access for anyone.
        sftp:
            # Whether sftp is allowed at all.
            enabled: true
            # Whether to allow or deny by default
            default: allow
            # specific rules for directories
            rules:
                # Deny the SSHD config folder by default as an example.
                "*SSHD/*":
                    readable: false
                    writeable: false

    # Username (should match SSH key if using key-based authentication)
    justasic:
        # Password hash from /mkpasswd command
        password: $2a$10$Oqk83FrypRrMF35EDeoQDuidJOQEWBE0joEQ7MJFi/Oeg26wQ3fm2
        # Whether they can read, write, or have read/write permissions to console.
        console: RW
        # SFTP access for this user.
        sftp:
          # Whether SFTP is enabled for this user.
          enabled: true
          # Whether to deny access by default or allow access by default
          default: allow
          # Rules regarding their SFTP access.
          # These rules are relative to the server root.
          # This acts as a chroot for the server root.
          # Each path can be an absolute path or a regular expression.
          rules:
            "/path/to/file":
                # Whether the user can read the file over SFTP
                readable: true
                # Whether the user can write/modify the file over SFTP
                writeable: true
            "/path/to/regex/*":
                readable: true
                writeable: false
            "/path/to/directory/":
                readable: false
                writeable: true
            "/another/example/path":
                readable: false
                writeable: false