diff -Naur -x '*.rej' -x '*.orig' -x '*~' openssh-6.5p1/ssh_config openssh-6.5p1-config/ssh_config
--- openssh-6.5p1/ssh_config	2013-10-10 01:24:12.000000000 +0200
+++ openssh-6.5p1-config/ssh_config	2014-02-04 21:04:18.685518659 +0100
@@ -19,7 +19,7 @@
 
 # Host *
 #   ForwardAgent no
-#   ForwardX11 no
+ForwardX11 yes
 #   RhostsRSAAuthentication no
 #   RSAAuthentication yes
 #   PasswordAuthentication yes
@@ -46,3 +46,13 @@
 #   VisualHostKey no
 #   ProxyCommand ssh -q -W %h:%p gateway.example.com
 #   RekeyLimit 1G 1h
+
+# If this option is set to yes then remote X11 clients will have full access
+# to the original X11 display. As virtually no X11 client supports the untrusted
+# mode correctly we set this to yes.
+ForwardX11Trusted yes
+
+# Send locale-related environment variables
+#SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+#SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+#SendEnv LC_IDENTIFICATION LC_ALL
diff -Naur -x '*.rej' -x '*.orig' -x '*~' openssh-6.5p1/sshd_config openssh-6.5p1-config/sshd_config
--- openssh-6.5p1/sshd_config	2014-01-12 09:20:47.000000000 +0100
+++ openssh-6.5p1-config/sshd_config	2014-02-04 20:59:32.985585770 +0100
@@ -3,7 +3,7 @@
 # This is the sshd server system-wide configuration file.  See
 # sshd_config(5) for more information.
 
-# This sshd was compiled with PATH=/usr/bin:/bin:/usr/sbin:/sbin
+# This sshd was compiled with PATH=_OPENSSH_PATH_
 
 # The strategy used for options in the default sshd_config shipped with
 # OpenSSH is to specify options with their default value where
@@ -19,10 +19,10 @@
 #Protocol 2
 
 # HostKey for protocol version 1
-#HostKey /etc/ssh/ssh_host_key
+HostKey /etc/ssh/ssh_host_key
 # HostKeys for protocol version 2
-#HostKey /etc/ssh/ssh_host_rsa_key
-#HostKey /etc/ssh/ssh_host_dsa_key
+HostKey /etc/ssh/ssh_host_rsa_key
+HostKey /etc/ssh/ssh_host_dsa_key
 #HostKey /etc/ssh/ssh_host_ecdsa_key
 #HostKey /etc/ssh/ssh_host_ed25519_key
 
@@ -41,7 +41,7 @@
 # Authentication:
 
 #LoginGraceTime 2m
-#PermitRootLogin yes
+PermitRootLogin no
 #StrictModes yes
 #MaxAuthTries 6
 #MaxSessions 10
@@ -94,12 +94,20 @@
 # If you just want the PAM account and session checks to run without
 # PAM authentication, then enable this but set PasswordAuthentication
 # and ChallengeResponseAuthentication to 'no'.
-#UsePAM no
+# Warning: when running under systemd, and PAM usage is disabled, restarting 
+# SSH service will likely kill off any ssh connections, including the
+# current one
+UsePAM yes
+
+# Accept locale-related environment variables
+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+AcceptEnv LC_IDENTIFICATION LC_ALL
 
 #AllowAgentForwarding yes
 #AllowTcpForwarding yes
 #GatewayPorts no
-#X11Forwarding no
+X11Forwarding yes
 #X11DisplayOffset 10
 #X11UseLocalhost yes
 #PermitTTY yes