From a5f4a56956b301e1931d06bc1b34214aeafe36c0 Mon Sep 17 00:00:00 2001
From: Alexander Weidinger
Date: Tue, 1 Aug 2017 00:02:01 +0200
Subject: [PATCH] UsePrivilegeSeparation 'sandbox'
This is was introduced in 5.9, and is default in 6.1. https://www.openssh.com/txt/release-5.9 https://www.openssh.com/txt/release-6.1
---
 openssh/files/sshd_config | 2 +-
 pillar.example | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/openssh/files/sshd_config b/openssh/files/sshd_config
index 9a1615c..fafb1c6 100644
--- a/openssh/files/sshd_config
+++ b/openssh/files/sshd_config
@@ -103,7 +103,7 @@
 {{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']) -}}
 #Privilege Separation is turned on for security
-{{ option_default_uncommented('UsePrivilegeSeparation', 'yes') }}
+{{ option_default_uncommented('UsePrivilegeSeparation', 'sandbox') }}
 # Lifetime and size of ephemeral version 1 server key
 {{ option_default_uncommented('KeyRegenerationInterval', 3600) }}
diff --git a/pillar.example b/pillar.example
index 6c40341..c295bb1 100644
--- a/pillar.example
+++ b/pillar.example
@@ -11,7 +11,7 @@ sshd_config:
 - /etc/ssh/ssh_host_dsa_key
 - /etc/ssh/ssh_host_ecdsa_key
 - /etc/ssh/ssh_host_ed25519_key
- UsePrivilegeSeparation: 'yes'
+ UsePrivilegeSeparation: 'sandbox'
 KeyRegenerationInterval: 3600
 ServerKeyBits: 1024
 SyslogFacility: AUTH
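Review bot: The new default `'sandbox'` in `openssh/files/sshd_config` is rendered unconditionally, so a host whose sshd predates 5.9 (the release the commit message cites as introducing the value) would receive a setting it presumably does not accept, which may stop sshd from restarting after the state is applied. Either keep `'yes'` as the fallback when the installed version is unknown, or state the requirement in the comment above the option, e.g. `#Privilege separation with a sandboxed pre-auth process (requires OpenSSH >= 5.9)`. The `pillar.example` hunk carries the same assumption and could note it next to the key. As far as I recall, OpenSSH 7.5 deprecated `UsePrivilegeSeparation` and made privilege separation mandatory, so on newer servers this line likely has no effect beyond a deprecation warning. That is worth confirming against the versions the formula targets.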