diff options
author | Darren Tucker <dtucker@dtucker.net> | 2019-09-19 15:41:23 +1000 |
---|---|---|
committer | Darren Tucker <dtucker@dtucker.net> | 2019-09-19 15:41:23 +1000 |
commit | 5a273a33ca1410351cb484af7db7c13e8b4e8e4e (patch) | |
tree | bf54186a04ea1f0a2ced7fc902f191c1d1a13ab6 /README.privsep | |
parent | 8aa2aa3cd4d27d14e74b247c773696349472ef20 (diff) |
Privsep is now required.
Diffstat (limited to 'README.privsep')
-rw-r--r-- | README.privsep | 11 |
1 files changed, 4 insertions, 7 deletions
diff --git a/README.privsep b/README.privsep index 460e9056..d658c46d 100644 --- a/README.privsep +++ b/README.privsep @@ -5,13 +5,10 @@ escalation by containing corruption to an unprivileged process. More information is available at: http://www.citi.umich.edu/u/provos/ssh/privsep.html -Privilege separation is now enabled by default; see the -UsePrivilegeSeparation option in sshd_config(5). - -When privsep is enabled, during the pre-authentication phase sshd will -chroot(2) to "/var/empty" and change its privileges to the "sshd" user -and its primary group. sshd is a pseudo-account that should not be -used by other daemons, and must be locked and should contain a +Privilege separation is now mandatory. During the pre-authentication +phase sshd will chroot(2) to "/var/empty" and change its privileges to the +"sshd" user and its primary group. sshd is a pseudo-account that should +not be used by other daemons, and must be locked and should contain a "nologin" or invalid shell. You should do something like the following to prepare the privsep |