--- openssh-4.6p1/sshd_config~ 2007-10-13 01:37:17.000000000 +0200
+++ openssh-4.6p1/sshd_config 2007-10-13 01:47:12.000000000 +0200
-@@ -34,6 +35,7 @@
+@@ -41,7 +41,7 @@
+ # Authentication:
#LoginGraceTime 2m
- #PermitRootLogin yes
+-#PermitRootLogin prohibit-password
+PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
-
-@@ -50,10 +51,13 @@
- #IgnoreUserKnownHosts no
- # Don't read the user's ~/.rhosts and ~/.shosts files
- #IgnoreRhosts yes
-+IgnoreRhosts yes
-
+ #MaxSessions 10
+@@ -50,6 +51,9 @@
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
-+PasswordAuthentication yes
-+PermitEmptyPasswords no
++
++# Allow DSA keys
++## PubkeyAcceptedKeyTypes +ssh-dss
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
-@@ -66,6 +67,8 @@
+@@ -66,6 +70,7 @@
# GSSAPI options
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
+GSSAPIAuthentication yes
-+GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
-@@ -78,8 +79,16 @@
+@@ -89,10 +92,12 @@
+ # If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
- #UsePAM no
+-#UsePAM no
+UsePAM yes
-+
-+# Set this to 'yes' to enable support for chrooted user environment.
-+# You must create such environment before you can use this feature.
-+#UseChroot yes
- #AllowTcpForwarding yes
+ #AllowAgentForwarding yes
+-#AllowTcpForwarding yes
+# Security advisory:
+# http://securitytracker.com/alerts/2004/Sep/1011143.html
+AllowTcpForwarding no
#GatewayPorts no
#X11Forwarding no
#X11DisplayOffset 10
-@@ -106,6 +109,9 @@
+@@ -106,6 +112,9 @@
# no default banner path
#Banner /some/path
-+# Accept locale-related environment variables
-+AcceptEnv LANG LC_*
++# Accept locale-related environment variables, also accept some GIT vars
++AcceptEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
+
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
+@@ -119,6 +133,10 @@
+ # override default of no subsystems
+ Subsystem sftp /usr/libexec/sftp-server
+
++# Uncomment this if you want to use .local domain
++#Host *.local
++# CheckHostIP no
++
+ # Example of overriding settings on a per-user basis
+ #Match User anoncvs
+ # X11Forwarding no
--- openssh-4.6p1/ssh_config~ 2006-06-13 05:01:10.000000000 +0200
+++ openssh-4.6p1/ssh_config 2007-10-13 02:00:16.000000000 +0200
-@@ -20,12 +20,15 @@
+@@ -20,10 +20,13 @@
# Host *
# ForwardAgent no
# ForwardX11 no
-+# ForwardX11Trusted yes
- # RhostsRSAAuthentication no
- # RSAAuthentication yes
++# ForwardX11Trusted no
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
-@@ -42,3 +45,19 @@
- # Tunnel no
- # TunnelDevice any:any
- # PermitLocalCommand no
+@@ -42,3 +45,18 @@
+ # VisualHostKey no
+ # ProxyCommand ssh -q -W %h:%p gateway.example.com
+ # RekeyLimit 1G 1h
+
+Host *
+ GSSAPIAuthentication yes
-+ GSSAPIDelegateCredentials no
-+ ForwardAgent no
-+ ForwardX11 no
+# If this option is set to yes then remote X11 clients will have full access
-+# to the original X11 display. As virtually no X11 client supports the untrusted
-+# mode correctly we set this to yes.
-+ ForwardX11Trusted yes
-+ StrictHostKeyChecking no
++# to the original X11 server. As some X11 clients don't support the untrusted
++# mode correctly, you might consider changing this to 'yes' or using '-Y'.
++# ForwardX11Trusted no
+ ServerAliveInterval 60
+ ServerAliveCountMax 10
+ TCPKeepAlive no
-+# Send locale-related environment variables
-+ SendEnv LANG LC_*
++ # Allow DSA keys
++# PubkeyAcceptedKeyTypes +ssh-dss
++# HostkeyAlgorithms +ssh-dss
++# Send locale-related environment variables, also pass some GIT vars
++ SendEnv LANG LC_* LANGUAGE XMODIFIERS TZ GIT_AUTHOR_NAME GIT_AUTHOR_EMAIL GIT_COMMITTER_NAME GIT_COMMITTER_EMAIL
++ HashKnownHosts yes