# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
-@@ -78,8 +79,16 @@
+@@ -89,10 +89,12 @@
+ # If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
- #UsePAM no
+-#UsePAM no
+UsePAM yes
-+
-+# Set this to 'yes' to enable support for chrooted user environment.
-+# You must create such environment before you can use this feature.
-+#UseChroot yes
- #AllowTcpForwarding yes
+ #AllowAgentForwarding yes
+-#AllowTcpForwarding yes
+# Security advisory:
+# http://securitytracker.com/alerts/2004/Sep/1011143.html
+AllowTcpForwarding no
# no default banner path
#Banner /some/path
-+# Accept locale-related environment variables
-+AcceptEnv LANG LC_*
++# Accept locale-related environment variables, also accept GIT vars
++AcceptEnv LANG LC_* LANGUAGE TZ GIT_*
+
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
# CheckHostIP yes
# AddressFamily any
@@ -42,3 +45,19 @@
- # Tunnel no
- # TunnelDevice any:any
# PermitLocalCommand no
+ # VisualHostKey no
+ # ProxyCommand ssh -q -W %h:%p gateway.example.com
+
+Host *
+ GSSAPIAuthentication yes
+ ServerAliveInterval 60
+ ServerAliveCountMax 10
+ TCPKeepAlive no
-+# Send locale-related environment variables
-+ SendEnv LANG LC_*
++# Send locale-related environment variables, also pass GIT vars
++ SendEnv LANG LC_* LANGUAGE TZ GIT_*
++ HashKnownHosts yes