diff --git a/.gitignore b/.gitignore
index fca63cd..81bc3cd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -65,6 +65,7 @@ group.org
 ssl/certs
 ssl/private
 ssh/ssh_host_*_key
+ssh/ssh_host_*_key.pub
 *-
 *.gz
 alternatives
@@ -75,9 +76,6 @@ hosts
 resolv.conf
 resolvconf/resolv.conf.d/original
 udev/rules.d/70-persistent-net.rules
-ssh/ssh_host_dsa_key.pub
-ssh/ssh_host_ecdsa_key.pub
-ssh/ssh_host_rsa_key.pub
 hostname
 machine-id
 provisor.ini
diff --git a/ssh/sshd_config b/ssh/sshd_config
index ddd8ec6..606fc03 100644
--- a/ssh/sshd_config
+++ b/ssh/sshd_config
@@ -11,9 +11,9 @@ Protocol 2
 HostKey /etc/ssh/ssh_host_rsa_key
 HostKey /etc/ssh/ssh_host_dsa_key
 HostKey /etc/ssh/ssh_host_ecdsa_key
-#HostKey /etc/ssh/ssh_host_ed25519_key
+HostKey /etc/ssh/ssh_host_ed25519_key
 #Privilege Separation is turned on for security
-UsePrivilegeSeparation yes
+UsePrivilegeSeparation sandbox
 
 # Lifetime and size of ephemeral version 1 server key
 KeyRegenerationInterval 3600
@@ -89,4 +89,3 @@ Subsystem sftp /usr/lib/openssh/sftp-server
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
 UsePAM yes
-PasswordAuthentication yes
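Review bot: In the first ssh/sshd_config hunk (`@@ -11,9 +11,9`), the newly enabled `HostKey /etc/ssh/ssh_host_ed25519_key` only takes effect on hosts where that key file already exists, and this same commit keeps host keys out of the repository through .gitignore, so each host has to generate the key locally (for example with `ssh-keygen -A`) before sshd is reloaded. `UsePrivilegeSeparation sandbox` is likewise only accepted by sshd builds that know the `sandbox` value, so running `sshd -t` against the new file before restarting would guard against a rejected config cutting off remote access. The comment above the directive could say what changed, e.g. `# Privilege separation with the pre-auth sandbox enabled`. The `HostKey /etc/ssh/ssh_host_dsa_key` line in the surrounding context is untouched by this change, and it may be worth confirming that the DSA key is still needed.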