diff --git a/manifests/init.pp b/manifests/init.pp
index fe0ea452a..4180df9c3 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -1,6 +1,9 @@
 class ssh (
- $disable_user_known_hosts = true
-) {
+ $sshd_default_options = $ssh::params::sshd_default_options,
+ $sshd_options = {},
+ $ssh_default_options = $ssh::params::ssh_default_options,
+ $ssh_options = {}
+) inherits ssh::params {
 include ssh::server
 include ssh::client
 }
diff --git a/manifests/params.pp b/manifests/params.pp
index fb7fa2d5d..e7b71131c 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -32,4 +32,16 @@
 }
 }
 }
+
+ $sshd_default_options = {
+ 'ChallengeResponseAuthentication' => 'no',
+ 'X11Forwarding' => 'yes',
+ 'PrintMotd' => 'no',
+ 'AcceptEnv' => 'LANG LC_*',
+ 'Subsystem' => 'sftp /usr/lib/openssh/sftp-server',
+ 'UsePAM' => 'yes',
+ }
+
+ $ssh_default_options = {
+ }
 }
diff --git a/manifests/server.pp b/manifests/server.pp
index f09a839f3..48a45c41d 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -1,8 +1,22 @@
-class ssh::server {
- include ssh::params
+class ssh::server(
+ $default_options = $ssh::params::sshd_default_options,
+ $options = {}
+) inherits ssh::params {
+
 include ssh::server::install
 include ssh::server::config
 include ssh::server::service
 include ssh::hostkeys
 include ssh::knownhosts
+
+ anchor { 'ssh::server::start': }
+ anchor { 'ssh::server::end': }
+
+ Anchor['ssh::server::start'] ->
+ Class['ssh::server::install'] ->
+ Class['ssh::server::config'] ~>
+ Class['ssh::server::service'] ->
+ Class['ssh::hostkeys'] ->
+ Class['ssh::knownhosts'] ->
+ Anchor['ssh::server::end']
 }
diff --git a/manifests/server/config.pp b/manifests/server/config.pp
index 48be6f317..dc7615d56 100644
--- a/manifests/server/config.pp
+++ b/manifests/server/config.pp
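Review bot: The new `$sshd_default_options` and `$sshd_options` parameters of class `ssh` are never passed on: the body still does a bare `include ssh::server`, so `class { 'ssh': sshd_options => { ... } }` has no effect on the rendered sshd_config and an operator who believes they have hardened the daemon through the top-level class has not. Declare the server class with the values forwarded, `class { 'ssh::server': default_options => $sshd_default_options, options => $sshd_options, }`, and do the same for `ssh::client` with the `$ssh_*_options` pair if that class accepts them (its definition is not in this diff). Once `ssh::server` takes parameters, a resource-like declaration of it elsewhere combined with this `include` is a duplicate-declaration error, so the module should pick one way of declaring it and document that in a comment on the class header.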
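Review bot: `'X11Forwarding' => 'yes'` in `$sshd_default_options` turns X11 forwarding on for every host this module manages, which server hardening baselines disable by default; ship `'X11Forwarding' => 'no'` and let the hosts that need it opt in via `$sshd_options`. Since this hash now replaces a static sshd_config whose contents are not visible here, any directive that file may have set and that is not listed (PermitRootLogin, PasswordAuthentication, Protocol) silently falls back to the OpenSSH compiled-in default, which on older releases permits root login; the security-relevant keywords should be stated explicitly in the defaults, e.g. `'PermitRootLogin' => 'no',`. The sftp subsystem path `/usr/lib/openssh/sftp-server` is Debian-specific (RHEL-family hosts use /usr/libexec/openssh/sftp-server); the braces closing just above this hunk suggest params.pp already branches by OS family, so the path belongs in that branch rather than in a flat hash.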
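Review bot: `Class['ssh::server::config'] ~> Class['ssh::server::service']` in the new ordering chain duplicates the `notify => Class['ssh::server::service']` that the file resource in ssh::server::config already declares (visible as a context line in that file's hunk); both work, but the restart trigger should have a single source of truth, so either drop the `~>` here to a plain `->` or remove the `notify` on the resource. A one-line comment above the chain saying why `ssh::hostkeys` and `ssh::knownhosts` must run after the service is up would also help, since nothing in this hunk explains that ordering.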
@@ -1,11 +1,10 @@
 class ssh::server::config {
 file { $ssh::params::sshd_config:
 ensure => present,
- owner => 'root',
- group => 'root',
+ owner => 0,
+ group => 0,
 mode => '0600',
- replace => false,
- source => "puppet:///modules/${module_name}/sshd_config",
+ content => template("${module_name}/sshd_config.erb"),
 require => Class['ssh::server::install'],
 notify => Class['ssh::server::service'],
 }
diff --git a/templates/sshd_config.erb b/templates/sshd_config.erb
new file mode 100644
index 000000000..dda821002
--- /dev/null
+++ b/templates/sshd_config.erb
@@ -0,0 +1,9 @@
+# File is managed by Puppet
+
+<%- scope.lookupvar('ssh::server::default_options').each do |k, v| -%>
+<%= k %> <%= v %>
+<%- end -%>
+
+<%- scope.lookupvar('ssh::server::options').each do |k, v| -%>
+<%= k %> <%= v %>
+<%- end -%>
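Review bot: The file resource now writes content rendered from free-form hashes and `notify`s the service, but nothing checks that content before sshd is restarted; a mistyped keyword or value in `$options` produces a config sshd rejects, the restart fails, and new logins to the host are refused until someone repairs it out of band. Add `validate_cmd => '/usr/sbin/sshd -t -f %',` to the resource so a bad render is refused and the running daemon is left untouched (this needs Puppet 3.5 or later; for older agents an `exec` running `sshd -t` ordered between config and service is the fallback). Dropping `replace => false` is the right call, as drift in sshd_config was previously never reconciled, and it deserves a short comment on the resource, e.g. `# Fully managed: local edits are overwritten on every run.` The class closing brace lies outside this hunk.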
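Review bot: Rendering `default_options` before `options` inverts the override semantics: sshd_config(5) takes the first occurrence of a keyword, so an operator setting `options => { 'X11Forwarding' => 'no' }` leaves the default `X11Forwarding yes` in force and the hardening override is silently ignored, which is exactly the case the parameter exists for. Merge the two hashes and render once, `<%- scope.lookupvar('ssh::server::default_options').merge(scope.lookupvar('ssh::server::options')).sort.each do |k, v| -%>`, so an operator value replaces the default instead of trailing it; the `.sort` also gives a stable output on Ruby 1.8, where hash iteration order is not insertion order and could otherwise produce spurious file changes and sshd restarts. Values are written unescaped, so a value containing a newline would inject additional directives; if these hashes can ever be populated from Hiera data of uncertain provenance, the class should reject values matching `/[\r\n]/` before they reach the template.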