diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config
index b59c59c..1a9ed64 100644
--- a/openssh/files/sshd_config
+++ b/openssh/files/sshd_config
@@ -102,7 +102,11 @@ PrintMotd no # pam does that
 #PrintLastLog yes
 #TCPKeepAlive yes
 #UseLogin no
+{% if grains['os_family'] == 'RedHat' %}
+UsePrivilegeSeparation yes # RedHat/Centos 6.4 and earlier currently ship 5.3 (sandbox introduced in OpenSSH 5.9)
+{% else %}
 UsePrivilegeSeparation sandbox # Default for new installations.
+{% endif %}
 #PermitUserEnvironment no
 #Compression delayed
 #ClientAliveInterval 0
diff --git a/openssh/init.sls b/openssh/init.sls
index 2acb85e..bff357d 100644
--- a/openssh/init.sls
+++ b/openssh/init.sls
@@ -29,6 +29,7 @@ sshd_config:
 file.managed:
 - name: /etc/ssh/sshd_config
 - source: salt://openssh/files/sshd_config
+ - template: jinja
 - user: root
 - mode: 600
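Review bot: The new `{% if grains['os_family'] == 'RedHat' %}` test in openssh/files/sshd_config matches every release in the RedHat family, while the comment next to it limits the problem to RedHat/CentOS 6.4 and earlier. Any RedHat-family host that ships OpenSSH 5.9 or later would therefore be moved from `sandbox` to plain `yes` and lose the pre-auth sandbox without anyone noticing. I would narrow the condition to the affected releases, for example `{% if grains['os_family'] == 'RedHat' and grains['osmajorrelease']|int <= 6 %}`. The `else` branch still gives `sandbox` to every other platform, so a non-RedHat host with OpenSSH older than 5.9 would presumably have the same problem this commit works around. The template has no view of the installed sshd version, so a comment stating that assumption would help.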