#PermitEmptyPasswords no
+
+# Allow DSA keys
-+PubkeyAcceptedKeyTypes +ssh-dss
++## PubkeyAcceptedKeyTypes +ssh-dss
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# X11Forwarding no
--- openssh-4.6p1/ssh_config~ 2006-06-13 05:01:10.000000000 +0200
+++ openssh-4.6p1/ssh_config 2007-10-13 02:00:16.000000000 +0200
-@@ -20,12 +20,15 @@
+@@ -20,10 +20,13 @@
# Host *
# ForwardAgent no
# ForwardX11 no
-+# ForwardX11Trusted yes
- # RhostsRSAAuthentication no
- # RSAAuthentication yes
++# ForwardX11Trusted no
# PasswordAuthentication yes
# HostbasedAuthentication no
# GSSAPIAuthentication no
# BatchMode no
# CheckHostIP yes
# AddressFamily any
-@@ -42,3 +45,22 @@
+@@ -42,3 +45,18 @@
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
# RekeyLimit 1G 1h
+
+Host *
+ GSSAPIAuthentication yes
-+ GSSAPIDelegateCredentials no
-+ ForwardAgent no
-+ ForwardX11 no
+# If this option is set to yes then remote X11 clients will have full access
-+# to the original X11 display. As virtually no X11 client supports the untrusted
-+# mode correctly we set this to yes.
-+ ForwardX11Trusted yes
-+ StrictHostKeyChecking no
++# to the original X11 server. As some X11 clients don't support the untrusted
++# mode correctly, you might consider changing this to 'yes' or using '-Y'.
++# ForwardX11Trusted no
+ ServerAliveInterval 60
+ ServerAliveCountMax 10
+ TCPKeepAlive no