diff --git a/templates/ssh/sshd_config.erb b/templates/ssh/sshd_config.erb
index 2ec0b43acad6f0a12f2b6e548e61003e4c3e8b73..558377283379c1b974ac493af7431e4b74a57065 100644
--- a/templates/ssh/sshd_config.erb
+++ b/templates/ssh/sshd_config.erb
@@ -65,13 +65,12 @@ GSSAPIStoreCredentialsOnRekey yes
 <% if (@operatingsystem == 'Ubuntu') then -%>
 GSSAPIStoreCredentialsOnRekey yes
 <% end -%>
-
 <% if (@pam_duo) then -%>
+
 # Require both (GSS-API|PASSWORD) and PAM.
 AuthenticationMethods gssapi-with-mic,keyboard-interactive:pam password,keyboard-interactive:pam
 KerberosAuthentication yes
 <% end -%>
-
 <%- if (@rootloginwithpswd == 'yes') -%>
 # Allow root login with a password (use with care!)
 PermitRootLogin yes