11 files changed, 84 insertions, 109 deletions

diff --git a/ChangeLog b/ChangeLog
index 5bf2bd17d..7250c6c53 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,7 @@
      - split key exchange (kex) and user authentication (user-auth), ok: provos@
  - Big manpage and config file cleanup from Andre Lucas
    <andre.lucas@dial.pipex.com>
+   - Re-added latest (unmodified) OpenBSD manpages
 
 20000119
  - SCO compile fixes from Gary E. Miller <gem@rellim.com>
diff --git a/Makefile.in b/Makefile.in
index 0bfe2f15b..020b63264 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -24,7 +24,6 @@ AR=@AR@
 RANLIB=@RANLIB@
 INSTALL=@INSTALL@
 PERL=@PERL@
-FIXPATHS=$(PERL) @top_srcdir@/fixpaths -Dsysconfdir=${sysconfdir} -Dpiddir=${piddir}
 LDFLAGS=-L. @LDFLAGS@
 
 GNOME_CFLAGS=`gnome-config --cflags gnome gnomeui`
@@ -38,10 +37,14 @@ SSHOBJS= ssh.o sshconnect.o log-client.o readconf.o clientloop.o
 
 SSHDOBJS= sshd.o auth-rhosts.o auth-krb4.o auth-pam.o auth-passwd.o auth-rsa.o auth-rh-rsa.o pty.o log-server.o login.o servconf.o serverloop.o bsd-login.o md5crypt.o
 
-MANPAGES=scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8
+MANPAGES        = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh.1 sshd.8
 
 CONFIGFILES=sshd_config ssh_config
 
+PATHSUBS        = -D/etc/ssh_config=$(sysconfdir)/ssh_config -D/etc/sshd_config=$(sysconfdir)/sshd_config -D/etc/shosts.equiv=$(sysconfdir)/shosts.equiv -D/etc/ssh_host_key=$(sysconfdir)/ssh_host_key -D/var/run/sshd.pid=$(piddir)/sshd.pid
+
+FIXPATHSCMD     = $(PERL) $(srcdir)/fixpaths $(PATHSUBS)
+
 all: $(TARGETS) $(MANPAGES) $(CONFIGFILES)
 
 $(LIBOBJS): config.h
@@ -71,33 +74,12 @@ ssh-keygen: libssh.a ssh-keygen.o log-client.o
 gnome-ssh-askpass: gnome-ssh-askpass.c
         $(CC) $(CFLAGS) $(GNOME_CFLAGS) -o $@ gnome-ssh-askpass.c $(GNOME_LIBS)
 
-scp.1: scp.1.in
-        $(FIXPATHS) $(srcdir)/scp.1.in
-
-ssh-add.1: ssh-add.1.in
-        $(FIXPATHS) ssh-add.1.in
-
-ssh-agent.1: ssh-agent.1.in
-        $(FIXPATHS) ssh-agent.1.in
-
-ssh-keygen.1: ssh-keygen.1.in
-        $(FIXPATHS) ssh-keygen.1.in
-
-ssh.1: ssh.1.in
-        $(FIXPATHS) ssh.1.in
-
-sshd.8: sshd.8.in
-        $(FIXPATHS) sshd.8.in
-
-sshd_config: sshd_config.in
-        $(FIXPATHS) sshd_config.in
-
-ssh_config: ssh_config.in
-        $(FIXPATHS) ssh_config.in
+$(MANPAGES) $(CONFIGFILES)::
+        $(FIXPATHSCMD) $(srcdir)/$@
 
 clean:
         rm -f *.o *.a $(TARGETS) config.status config.cache config.log 
-        rm -f core *.1 *.8 sshd_config ssh_config
+        rm -f *.out core
 
 distclean: clean
         rm -f Makefile config.h core *~
@@ -119,12 +101,12 @@ install: $(TARGETS)
         $(INSTALL) -s ssh-agent $(bindir)/ssh-agent
         $(INSTALL) -s ssh-keygen $(bindir)/ssh-keygen
         $(INSTALL) -s sshd $(sbindir)/sshd
-        $(INSTALL) -m 644 ssh.1 $(mandir)/man1/ssh.1
-        $(INSTALL) -m 644 scp.1 $(mandir)/man1/scp.1
-        $(INSTALL) -m 644 ssh-add.1 $(mandir)/man1/ssh-add.1
-        $(INSTALL) -m 644 ssh-agent.1 $(mandir)/man1/ssh-agent.1
-        $(INSTALL) -m 644 ssh-keygen.1 $(mandir)/man1/ssh-keygen.1
-        $(INSTALL) -m 644 sshd.8 $(mandir)/man8/sshd.8
+        $(INSTALL) -m 644 ssh.1.out $(mandir)/man1/ssh.1
+        $(INSTALL) -m 644 scp.1.out $(mandir)/man1/scp.1
+        $(INSTALL) -m 644 ssh-add.1.out $(mandir)/man1/ssh-add.1
+        $(INSTALL) -m 644 ssh-agent.1.out $(mandir)/man1/ssh-agent.1
+        $(INSTALL) -m 644 ssh-keygen.1.out $(mandir)/man1/ssh-keygen.1
+        $(INSTALL) -m 644 sshd.8.out $(mandir)/man8/sshd.8
         -rm -f $(bindir)/slogin
         ln -s ssh $(bindir)/slogin
         -rm -f $(mandir)/man1/slogin.1
@@ -138,8 +120,8 @@ install: $(TARGETS)
 
         if [ ! -f $(sysconfdir)/ssh_config -a ! -f $(sysconfdir)/sshd_config ]; then \
                 $(INSTALL) -d $(sysconfdir); \
-                $(INSTALL) -m 644 ssh_config $(sysconfdir)/ssh_config; \
-                $(INSTALL) -m 644 sshd_config $(sysconfdir)/sshd_config; \
+                $(INSTALL) -m 644 ssh_config.out $(sysconfdir)/ssh_config; \
+                $(INSTALL) -m 644 sshd_config.out $(sysconfdir)/sshd_config; \
         fi
 
 uninstallall:   uninstall
diff --git a/fixpaths b/fixpaths
index 8a6740649..e6f47c713 100755
--- a/fixpaths
+++ b/fixpaths
@@ -3,22 +3,26 @@
 # fixpaths  - substitute makefile variables into text files
 
 
-$usage = "Usage: $0 [-D<variable>=<value>] [[infile] ...]\n";
+$usage = "Usage: $0 [-x<file dot-suffix>] [-Dstring=replacement] [[infile] ...]\n";
+
+$ext="out";
 
 if (!defined(@ARGV)) { die ("$usage"); }
 
 # read in the command line and get some definitions
 while ($_=$ARGV[0], /^-/) {
-  if (/^-D/) {
+  if (/^-[Dx]/) {
     # definition
     shift(@ARGV);
     if ( /-D(.*)=(.*)/ ) {
       $def{"$1"}=$2;
+    } elsif ( /-x\s*(\w+)/ ) {
+        $ext=$1;
     } else {
       die ("$usage$0: error in command line arguments.\n");
     }
   } else {
-    &usage; die ("$usage$0: unknown option '-".$ARGV[0][1]."'\n");
+    die ("$usage$0: unknown option '-".$ARGV[0][1]."'\n");
   }
 } # while parsing arguments
 
@@ -29,13 +33,13 @@ if (!defined(%def)) {
 for $f (@ARGV) {
 
   $f =~ /(.*\/)*(.*)$/;
-  $of = $2; $of =~ s/.in$//;
+  $of = $2.".$ext"; 
 
   open(IN, "<$f")          || die ("$0: input file $f missing!\n");
   if (open(OUT, ">$of")) {
     while (<IN>) {
       for $s (keys(%def)) {
-        s#\@$s\@#$def{$s}#;
+        s#$s#$def{$s}#;
       } # for $s
       print OUT;
     } # while <IN>
diff --git a/scp.1.in b/scp.1
index a0e699ba7..b9f686155 100644
--- a/scp.1.in
+++ b/scp.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sun May  7 00:14:37 1995 ylo
 .\"
-.\" $Id: scp.1.in,v 1.2 2000/01/14 04:45:51 damien Exp $
+.\" $Id: scp.1,v 1.5 2000/01/20 12:13:36 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SCP 1
diff --git a/ssh-add.1.in b/ssh-add.1
index 80ba28873..e326940de 100644
--- a/ssh-add.1.in
+++ b/ssh-add.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 23:55:14 1995 ylo
 .\"
-.\" $Id: ssh-add.1.in,v 1.1 1999/12/26 22:23:58 damien Exp $
+.\" $Id: ssh-add.1,v 1.8 2000/01/20 12:13:36 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH-ADD 1
diff --git a/ssh-agent.1.in b/ssh-agent.1
index f8084e299..506b83723 100644
--- a/ssh-agent.1.in
+++ b/ssh-agent.1
@@ -109,14 +109,6 @@ environment variable holds the agent's PID.
 .Pp
 The agent exits automatically when the command given on the command
 line terminates.
-.Pp
-Here's a trick that will allow you to start this up from your .bash_profile (just put it in as the first thing that happens):
-.Sp
-.Vb 1
-
-\&      [ ! "$SSH_AGENT_PID" ] && exec ssh-agent -- bash --login
-\&      ssh-add
-.Ve
 .Sh FILES
 .Bl -tag -width Ds
 .It Pa $HOME/.ssh/identity
diff --git a/ssh-keygen.1.in b/ssh-keygen.1
index 493484756..bc2a0bec7 100644
--- a/ssh-keygen.1.in
+++ b/ssh-keygen.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 23:55:14 1995 ylo
 .\"
-.\" $Id: ssh-keygen.1.in,v 1.1 1999/12/26 22:23:58 damien Exp $
+.\" $Id: ssh-keygen.1,v 1.8 2000/01/20 12:13:37 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH-KEYGEN 1
diff --git a/ssh.1.in b/ssh.1
index b93e1c8b4..f6f874d76 100644
--- a/ssh.1.in
+++ b/ssh.1
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: ssh.1.in,v 1.3 2000/01/20 11:44:09 damien Exp $
+.\" $Id: ssh.1,v 1.15 2000/01/20 12:13:38 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSH 1
@@ -66,7 +66,7 @@ his/her identity to the remote machine using one of several methods.
 First, if the machine the user logs in from is listed in
 .Pa /etc/hosts.equiv
 or
-.Pa @sysconfdir@/shosts.equiv
+.Pa /etc/shosts.equiv
 on the remote machine, and the user names are
 the same on both sides, the user is immediately permitted to log in.
 Second, if 
@@ -89,10 +89,10 @@ means that if the login would be permitted by
 .Pa \&.shosts ,
 .Pa /etc/hosts.equiv ,
 or
-.Pa @sysconfdir@/shosts.equiv ,
+.Pa /etc/shosts.equiv ,
 and if additionally the server can verify the client's
 host key (see 
-.Pa @sysconfdir@/ssh_known_hosts
+.Pa /etc/ssh_known_hosts
 and
 .Pa $HOME/.ssh/known_hosts
 in the
@@ -250,7 +250,7 @@ identifications for all hosts it has ever been used with.  The
 database is stored in 
 .Pa \&.ssh/known_hosts
 in the user's home directory.  Additionally, the file 
-.Pa @sysconfdir@/ssh_known_hosts
+.Pa /etc/ssh_known_hosts
 is automatically checked for known hosts.  Any new hosts are
 automatically added to the user's file.  If a host's identification
 ever changes,
@@ -434,7 +434,7 @@ obtains configuration data from the following sources (in this order):
 command line options, user's configuration file
 .Pq Pa $HOME/.ssh/config ,
 and system-wide configuration file
-.Pq Pa @sysconfdir@/ssh_config .
+.Pq Pa /etc/ssh_config .
 For each parameter, the first obtained value
 will be used.  The configuration files contain sections bracketed by
 "Host" specifications, and that section is only applied for hosts that
@@ -568,7 +568,7 @@ The default is
 .Dq no .
 .It Cm GlobalKnownHostsFile
 Specifies a file to use instead of 
-.Pa @sysconfdir@/ssh_known_hosts .
+.Pa /etc/ssh_known_hosts .
 .It Cm HostName
 Specifies the real host name to log into.  This can be used to specify
 nicnames or abbreviations for hosts.  Default is the name given on the
@@ -710,7 +710,7 @@ ssh will never automatically add host keys to the
 file, and refuses to connect hosts whose host key has changed.  This
 provides maximum protection against trojan horse attacks.  However, it
 can be somewhat annoying if you don't have good
-.Pa @sysconfdir@/ssh_known_hosts
+.Pa /etc/ssh_known_hosts
 files installed and frequently
 connect new hosts.  Basically this option forces the user to manually
 add any new hosts.  Normally this option is disabled, and new hosts
@@ -817,7 +817,7 @@ to the environment.
 .It Pa $HOME/.ssh/known_hosts
 Records host keys for all hosts the user has logged into (that are not
 in
-.Pa @sysconfdir@/ssh_known_hosts ) .
+.Pa /etc/ssh_known_hosts ) .
 See
 .Xr sshd 8 .
 .It Pa $HOME/.ssh/identity
@@ -856,7 +856,7 @@ identity files (that is, each line contains the number of bits in
 modulus, public exponent, modulus, and comment fields, separated by
 spaces).  This file is not highly sensitive, but the recommended
 permissions are read/write for the user, and not accessible by others.
-.It Pa @sysconfdir@/ssh_known_hosts
+.It Pa /etc/ssh_known_hosts
 Systemwide list of known host keys.  This file should be prepared by the
 system administrator to contain the public host keys of all machines in the
 organization.  This file should be world-readable.  This file contains
@@ -875,7 +875,7 @@ to verify the client host when logging in; other names are needed because
 does not convert the user-supplied name to a canonical name before
 checking the key, because someone with access to the name servers
 would then be able to fool host authentication.
-.It Pa @sysconfdir@/ssh_config
+.It Pa /etc/ssh_config
 Systemwide configuration file.  This file provides defaults for those
 values that are not specified in the user's configuration file, and
 for those users who do not have a configuration file.  This file must
@@ -902,7 +902,7 @@ Note that by default
 will be installed so that it requires successful RSA host
 authentication before permitting \s+2.\s0rhosts authentication.  If your
 server machine does not have the client's host key in
-.Pa @sysconfdir@/ssh_known_hosts ,
+.Pa /etc/ssh_known_hosts ,
 you can store it in
 .Pa $HOME/.ssh/known_hosts .
 The easiest way to do this is to
@@ -929,13 +929,13 @@ manual page).  If the client host is found in this file, login is
 automatically permitted provided client and server user names are the
 same.  Additionally, successful RSA host authentication is normally
 required.  This file should only be writable by root.
-.It Pa @sysconfdir@/shosts.equiv
+.It Pa /etc/shosts.equiv
 This file is processed exactly as 
 .Pa /etc/hosts.equiv .
 This file may be useful to permit logins using
 .Nm
 but not using rsh/rlogin.
-.It Pa @sysconfdir@/sshrc
+.It Pa /etc/sshrc
 Commands in this file are executed by
 .Nm
 when the user logs in just before the user's shell (or command) is started.
diff --git a/ssh_config.in b/ssh_config
index 9fb064deb..6e732a22e 100644
--- a/ssh_config.in
+++ b/ssh_config
@@ -28,3 +28,9 @@
 #   Port 22
 #   Cipher blowfish
 #   EscapeChar ~
+
+# Be paranoid by default
+Host *
+        ForwardAgent no
+        ForwardX11 no
+        FallBackToRsh no
diff --git a/sshd.8.in b/sshd.8
index 7448fd1a4..dfbf9c8ec 100644
--- a/sshd.8.in
+++ b/sshd.8
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: sshd.8.in,v 1.4 2000/01/20 11:44:10 damien Exp $
+.\" $Id: sshd.8,v 1.11 2000/01/20 12:13:39 damien Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSHD 8
@@ -123,7 +123,7 @@ not fork and will only process one connection.  This option is only
 intended for debugging for the server.
 .It Fl f Ar configuration_file
 Specifies the name of the configuration file.  The default is
-.Pa @sysconfdir@/sshd_config .
+.Pa /etc/sshd_config .
 .Nm
 refuses to start if there is no configuration file.
 .It Fl g Ar login_grace_time
@@ -133,7 +133,7 @@ this many seconds, the server disconnects and exits.  A value of zero
 indicates no limit.
 .It Fl h Ar host_key_file
 Specifies the file from which the host key is read (default
-.Pa @sysconfdir@/ssh_host_key ) .
+.Pa /etc/ssh_host_key ) .
 This option must be given if
 .Nm
 is not run as root (as the normal
@@ -185,7 +185,7 @@ to use IPv6 addresses only.
 .Sh CONFIGURATION FILE
 .Nm
 reads configuration data from 
-.Pa @sysconfdir@/sshd_config
+.Pa /etc/sshd_config
 (or the file specified with
 .Fl f
 on the command line).  The file
@@ -253,7 +253,7 @@ id isn't recognized.  By default login is allowed regardless of
 the user name.
 .It Cm HostKey
 Specifies the file containing the private host key (default
-.Pa @sysconfdir@/ssh_host_key ) .
+.Pa /etc/ssh_host_key ) .
 Note that
 .Nm
 does not start if this file is group/world-accessible.
@@ -262,7 +262,7 @@ Specifies that rhosts and shosts files will not be used in
 authentication.
 .Pa /etc/hosts.equiv
 and
-.Pa @sysconfdir@/shosts.equiv 
+.Pa /etc/shosts.equiv 
 are still used.  The default is 
 .Dq no .
 .It Cm IgnoreUserKnownHosts
@@ -483,7 +483,7 @@ Changes to user's home directory.
 If
 .Pa $HOME/.ssh/rc
 exists, runs it; else if
-.Pa @sysconfdir@/sshrc
+.Pa /etc/sshrc
 exists, runs
 it; otherwise runs xauth.  The
 .Dq rc
@@ -569,7 +569,7 @@ from="*.niksula.hut.fi,!pc.niksula.hut.fi" 1024 35 23.\|.\|.\|2334 ylo@niksula
 command="dump /home",no-pty,no-port-forwarding 1024 33 23.\|.\|.\|2323 backup.hut.fi
 .Sh SSH_KNOWN_HOSTS FILE FORMAT
 The 
-.Pa @sysconfdir@/ssh_known_hosts
+.Pa /etc/ssh_known_hosts
 and 
 .Pa $HOME/.ssh/known_hosts
 files contain host public keys for all known hosts.  The global file should
@@ -592,7 +592,7 @@ pattern on the line.
 .Pp
 Bits, exponent, and modulus are taken directly from the host key; they
 can be obtained, e.g., from
-.Pa @sysconfdir@/ssh_host_key.pub .
+.Pa /etc/ssh_host_key.pub .
 The optional comment field continues to the end of the line, and is not used.
 .Pp
 Lines starting with
@@ -611,25 +611,25 @@ Note that the lines in these files are typically hundreds of characters
 long, and you definitely don't want to type in the host keys by hand.
 Rather, generate them by a script
 or by taking 
-.Pa @sysconfdir@/ssh_host_key.pub
+.Pa /etc/ssh_host_key.pub
 and adding the host names at the front.
 .Ss Examples
 closenet,closenet.hut.fi,.\|.\|.\|,130.233.208.41 1024 37 159.\|.\|.93 closenet.hut.fi
 .Sh FILES
 .Bl -tag -width Ds
-.It Pa @sysconfdir@/sshd_config
+.It Pa /etc/sshd_config
 Contains configuration data for
 .Nm sshd .
 This file should be writable by root only, but it is recommended
 (though not necessary) that it be world-readable.
-.It Pa @sysconfdir@/ssh_host_key
+.It Pa /etc/ssh_host_key
 Contains the private part of the host key.
 This file should only be owned by root, readable only by root, and not
 accessible to others.
 Note that
 .Nm
 does not start if this file is group/world-accessible.
-.It Pa @sysconfdir@/ssh_host_key.pub
+.It Pa /etc/ssh_host_key.pub
 Contains the public part of the host key.
 This file should be world-readable but writable only by
 root.  Its contents should match the private part.  This file is not
@@ -637,7 +637,7 @@ really used for anything; it is only provided for the convenience of
 the user so its contents can be copied to known hosts files.
 These two files are created using
 .Xr ssh-keygen 1 .
-.It Pa @piddir@/sshd.pid
+.It Pa /var/run/sshd.pid
 Contains the process ID of the
 .Nm
 listening for connections (if there are several daemons running
@@ -650,14 +650,14 @@ This file must be readable by root (which may on some machines imply
 it being world-readable if the user's home directory resides on an NFS
 volume).  It is recommended that it not be accessible by others.  The
 format of this file is described above.
-.It Pa "@sysconfdir@_known_hosts" and "$HOME/.ssh/known_hosts"
+.It Pa "/etc/ssh_known_hosts" and "$HOME/.ssh/known_hosts"
 These files are consulted when using rhosts with RSA host
 authentication to check the public key of the host.  The key must be
 listed in one of these files to be accepted.
 The client uses the same files
 to verify that the remote host is the one we intended to
 connect. These files should be writable only by root/the owner.
-.Pa @sysconfdir@/ssh_known_hosts
+.Pa /etc/ssh_known_hosts
 should be world-readable, and
 .Pa $HOME/.ssh/known_hosts
 can but need not be world-readable.
@@ -719,7 +719,7 @@ user root access.  The only valid use for user names that I can think
 of is in negative entries.
 .Pp
 Note that this warning also applies to rsh/rlogin.
-.It Pa @sysconfdir@/shosts.equiv
+.It Pa /etc/shosts.equiv
 This is processed exactly as
 .Pa /etc/hosts.equiv .
 However, this file may be useful in environments that want to run both
@@ -749,13 +749,13 @@ something similar to: "if read proto cookie; then echo add $DISPLAY
 $proto $cookie | xauth -q -; fi".
 .Pp
 If this file does not exist,
-.Pa @sysconfdir@/sshrc
+.Pa /etc/sshrc
 is run, and if that
 does not exist either, xauth is used to store the cookie.
 .Pp
 This file should be writable only by the user, and need not be
 readable by anyone else.
-.It Pa @sysconfdir@/sshrc
+.It Pa /etc/sshrc
 Like
 .Pa $HOME/.ssh/rc .
 This can be used to specify
diff --git a/sshd_config.in b/sshd_config
index cb2c56e05..614cf706b 100644
--- a/sshd_config.in
+++ b/sshd_config
@@ -3,58 +3,48 @@
 Port 22
 ListenAddress 0.0.0.0
 #ListenAddress ::
-HostKey @sysconfdir@/ssh_host_key
+HostKey /etc/ssh_host_key
 ServerKeyBits 768
 LoginGraceTime 600
 KeyRegenerationInterval 3600
 PermitRootLogin yes
+#
+# Don't read ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
 StrictModes yes
 X11Forwarding no
 X11DisplayOffset 10
 PrintMotd yes
 KeepAlive yes
-CheckMail no
-UseLogin no
 
-#
-# Loglevel replaces QuietMode and FascistLogging
-#
+# Logging
 SyslogFacility AUTH
 LogLevel INFO
+#obsoletes QuietMode and FascistLogging
 
-#
-# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
-#
-RhostsRSAAuthentication no
-
-#
-# Don't read ~/.rhosts and ~/.shosts files
-#
-IgnoreRhosts yes
 RhostsAuthentication no
-
 #
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+# For this to work you will also need host keys in /etc/ssh_known_hosts
+RhostsRSAAuthentication no
 #
-#IgnoreUserKnownHosts yes
-
 RSAAuthentication yes
 
 # To disable tunneled clear text passwords, change to no here!
 PasswordAuthentication yes
 PermitEmptyPasswords no
-
-#
-# Uncomment to disable s/key passwords (must be compiled with s/key support)
-#
+# Uncomment to disable s/key passwords 
 #SkeyAuthentication no
 
-#
-# To change Kerberos options (must be compiled with Kerberos support)
-#
+# To change Kerberos options
 #KerberosAuthentication no
 #KerberosOrLocalPasswd yes
 #AFSTokenPassing no
 #KerberosTicketCleanup no
+
 # Kerberos TGT Passing does only work with the AFS kaserver
 #KerberosTgtPassing yes
+
+CheckMail no
+UseLogin no