#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
-@@ -50,10 +51,16 @@
- #IgnoreUserKnownHosts no
- # Don't read the user's ~/.rhosts and ~/.shosts files
- #IgnoreRhosts yes
-+IgnoreRhosts yes
-
+@@ -50,6 +51,9 @@
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
-+PasswordAuthentication yes
-+PermitEmptyPasswords no
+
+# Allow DSA keys
-+PubkeyAcceptedKeyTypes +ssh-dss
++## PubkeyAcceptedKeyTypes +ssh-dss
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
-@@ -66,6 +70,8 @@
+@@ -66,6 +70,7 @@
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
+GSSAPIAuthentication yes
-+GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# Host *
# ForwardAgent no
# ForwardX11 no
-+# ForwardX11Trusted yes
++# ForwardX11Trusted no
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
# BatchMode no
# CheckHostIP yes
# AddressFamily any
-@@ -42,3 +45,21 @@
+@@ -42,3 +45,19 @@
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
+
+Host *
+ GSSAPIAuthentication yes
-+ GSSAPIDelegateCredentials no
-+ ForwardAgent no
-+ ForwardX11 no
+# If this option is set to yes then remote X11 clients will have full access
+# to the original X11 display. As virtually no X11 client supports the untrusted
+# mode correctly we set this to yes.
+ ServerAliveCountMax 10
+ TCPKeepAlive no
+ # Allow DSA keys
-+ PubkeyAcceptedKeyTypes +ssh-dss
++# PubkeyAcceptedKeyTypes +ssh-dss
++# HostkeyAlgorithms +ssh-dss
+# Send locale-related environment variables, also pass some GIT vars
+ SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
+ HashKnownHosts yes