SyslogFacility AUTHPRIV

PermitRootLogin no
PermitRootLogin forced-commands-only

PubkeyAuthentication yes

AuthorizedKeysCommand /usr/local/bin/ssh-ldap-pubkey-wrapper
AuthorizedKeysCommandUser nobody

PasswordAuthentication no

ChallengeResponseAuthentication no

UsePAM yes

X11Forwarding no
PrintLastLog yes
UsePrivilegeSeparation sandbox		# Default for new installations.

# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

# override default of no subsystems
Subsystem sftp	/usr/libexec/openssh/sftp-server
