ssh hardening
https://stribika.github.io/2015/01/04/secure-secure-shell.html
there is already some ssh hardening things in the ssh puppet module, but there are some improvements that can be made still, unfortunately we can't do the curve25519 stuff until we can rip out the capistrano bits in leap cli. Need to investigate if we can install the wheezy-backport version without 25519 and still do some of the things on this page until capistrano is removed.
(from redmine: created on 2015-01-06, relates #7591 (closed), relates #8002 (closed))