# default value.
Port 22
-Protocol 1,2
+Protocol 2
+#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
-# rhosts authentication should not be used
-RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no
-# Set this to 'yes' to enable PAM keyboard-interactive authentication
-# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
-#PAMAuthenticationViaKbdInt yes
+# Set this to 'yes' to enable PAM authentication (via challenge-response)
+# and session processing. Depending on your PAM configuration, this may
+# bypass the setting of 'PasswordAuthentication'
+UsePAM yes
+
+# Set this to 'yes' to enable support for chrooted user environment.
+# You must create such environment before you can use this feature.
+#UseChroot yes
X11Forwarding no
X11DisplayOffset 10
#PrintLastLog yes
KeepAlive yes
UseLogin no
-#UsePrivilegeSeparation yes
+
+# enabling this can cause some problems with for example pam_limit
+UsePrivilegeSeparation no
+
#Compression yes
#MaxStartups 10
#VerifyReverseMapping no
# override default of no subsystems
-#Subsystem sftp /usr/lib/openssh/sftp-server
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Security advisory:
+# http://securitytracker.com/alerts/2004/Sep/1011143.html
+AllowTcpForwarding no