content of `debian-files/jail.d_defaults-debian.conf` (banactions only and systemd for sshd) moved to `paths-debian.conf`;

remove default backend (systemd) - too dangerous for all jails, because it's hardly to find an error if some jail mistakenly start to monitor journal instead of logfile (even if it exists), but will silently find nothing;
sshd jail disabled by default - user have to enable jails in jail.local or jail.d

config/paths-debian.conf

@@ -9,6 +9,11 @@ after  = paths-overrides.local
 
 [DEFAULT]
 
+banaction = nftables
+banaction_allports = nftables[type=allports]
+
+sshd_backend = systemd
+
 syslog_mail = /var/log/mail.log
 
 # control the `mail.warn` setting, see `/etc/rsyslog.d/50-default.conf` (if commented `mail.*` wins).

debian/debian-files/jail.d_defaults-debian.conf

@@ -1,7 +0,0 @@
-[DEFAULT]
-banaction = nftables
-banaction_allports = nftables[type=allports]
-backend = systemd
-
-[sshd]
-enabled = true