Great excuse to write about how to use SSH keys securely by password-protecting the keyfile: On Sunday 11th of November 2012, FreeBSD.org suffered an intrusion on two machines that contained third-party software (packages, ports) within the FreeBSD.org cluster. For details about this, read this Incident Report. As far as I can guess from the report and the news, it appears the intruder gained access to the affected systems by means of a developer's SSH key that was not protected by a passphrase.
I ran FreeBSD 5.2 for a long time with the default SSHd and then decided to upgrade to 5.3-STABLE. I normally use SecureCRT as my SSH client and I like password authentication. After I upgraded to 5.3, I could no longer log on using password authentication and I had to switch to keyboard-interactive. This prevented me from logging in with sftp from remote locations, which really bummed me out. Here is the fix I found.
This walkthrough will root your users to their home directory, for those users you don’t want browsing all over your FreeBSD machine. I would suggest doing this at your console, or possibly running a script to kill all the running sshds and then start the sshd2 daemon.