UsePrivilegeSeparation 'sandbox'

This is was introduced in 5.9, and is default in 6.1.
https://www.openssh.com/txt/release-5.9
https://www.openssh.com/txt/release-6.1
This commit is contained in:
Alexander Weidinger 2017-08-01 00:02:01 +02:00
parent 2171040e11
commit a5f4a56956
2 changed files with 2 additions and 2 deletions

View File

@ -103,7 +103,7 @@
{{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']) -}} {{ option_default_uncommented('HostKey', ['/etc/ssh/ssh_host_rsa_key', '/etc/ssh/ssh_host_dsa_key', '/etc/ssh/ssh_host_ecdsa_key', '/etc/ssh/ssh_host_ed25519_key']) -}}
#Privilege Separation is turned on for security #Privilege Separation is turned on for security
{{ option_default_uncommented('UsePrivilegeSeparation', 'yes') }} {{ option_default_uncommented('UsePrivilegeSeparation', 'sandbox') }}
# Lifetime and size of ephemeral version 1 server key # Lifetime and size of ephemeral version 1 server key
{{ option_default_uncommented('KeyRegenerationInterval', 3600) }} {{ option_default_uncommented('KeyRegenerationInterval', 3600) }}

View File

@ -11,7 +11,7 @@ sshd_config:
- /etc/ssh/ssh_host_dsa_key - /etc/ssh/ssh_host_dsa_key
- /etc/ssh/ssh_host_ecdsa_key - /etc/ssh/ssh_host_ecdsa_key
- /etc/ssh/ssh_host_ed25519_key - /etc/ssh/ssh_host_ed25519_key
UsePrivilegeSeparation: 'yes' UsePrivilegeSeparation: 'sandbox'
KeyRegenerationInterval: 3600 KeyRegenerationInterval: 3600
ServerKeyBits: 1024 ServerKeyBits: 1024
SyslogFacility: AUTH SyslogFacility: AUTH