# Change to yes to enable challenge-response passwords (beware issues with# so

1. # Change to yes to enable challenge-response passwords (beware issues with
2. # some PAM modules and threads)
3. ChallengeResponseAuthentication yes
4.  
5. # Change to no to disable tunnelled clear text passwords
6. #PasswordAuthentication yes
7.  
8. # Kerberos options
9. #KerberosAuthentication no
10. #KerberosGetAFSToken no
11. #KerberosOrLocalPasswd yes
12. #KerberosTicketCleanup yes
13.  
14. # GSSAPI options
15. #GSSAPIAuthentication no
16. #GSSAPICleanupCredentials yes
17.  
18. X11Forwarding yes
19. X11DisplayOffset 10
20. PrintMotd no
21. PrintLastLog yes
22. TCPKeepAlive yes
23. #UseLogin no
24.  
25. #MaxStartups 10:30:60
26. #Banner /etc/issue.net
27.  
28. # Allow client to pass locale environment variables
29. AcceptEnv LANG LC_*
30.  
31. Subsystem sftp /usr/lib/openssh/sftp-server
32.  
33. # Set this to 'yes' to enable PAM authentication, account processing,
34. # and session processing. If this is enabled, PAM authentication will
35. # be allowed through the ChallengeResponseAuthentication and
36. # PasswordAuthentication. Depending on your PAM configuration,
37. # PAM authentication via ChallengeResponseAuthentication may bypass
38. # the setting of "PermitRootLogin without-password".
39. # If you just want the PAM account and session checks to run without
40. # PAM authentication, then enable this but set PasswordAuthentication
41. # and ChallengeResponseAuthentication to 'no'.
42. UsePAM yes
43. AuthenticationMethods publickey,keyboard-interactive:pam keyboard-interactive:pam