This role, sshd, configures an SSH server on a Debian. Specifically
may:

- set host key and certificate
- set user CA
- set port on which server listens

To use, define variables below:

- `sshd_version`---must match the current version for the role
- `sshd_host_key` and `sshd_host_cert`---the host key and
  corresponding certificate
  - note that you must define both for either to work
  - rationale: there's little point in just setting the host key, as
    it will still force people to accept it the first time; a host
    certificate removes that need and allows the key to change at will
- `sshd_port`---the port where the SSH server should listen
  - rationale: on public-facing servers, the default port gets tons of
    login attempts by attackers trying to guess passwords
- `sshd_user_ca_pub`---the public keys of the SSH CAs trusted to
  certify users
  - rationale: using a user CA removes the need to maintain, or have,
    `authorized_keys` files