Perhaps placing an emphasis on this: As of now, there is at least on my server a bug when PermitOpen is set to none: https://bugzilla.mindrot.org/show_bug.cgi?id=2355 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778807
Which is why the attached config snippet has this disabled for the moment. Further, some of these directives might only work with newer versions of OpenSSH, but since that file will likely only end up in >=stretch that shouldn't be a big concern for us. Cheers, Chris.
smime.p7s
Description: S/MIME cryptographic signature