From: Simon Ruderich Date: Mon, 6 Jan 2014 13:38:40 +0000 (+0100) Subject: sshd_config: Use UsePrivilegeSeparation sandbox. X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=660c485b1a83ae0bbae28a09b983f11bd536fcf9;p=config%2Fdotfiles.git sshd_config: Use UsePrivilegeSeparation sandbox. --- diff --git a/sshd_config b/sshd_config index fe57dc6..28e2465 100644 --- a/sshd_config +++ b/sshd_config @@ -3,7 +3,7 @@ # Some options are set even if they are default to document that they are # important and to prevent upstream changes from affecting them. -# Copyright (C) 2013 Simon Ruderich +# Copyright (C) 2013-2014 Simon Ruderich # # This file is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -25,8 +25,9 @@ Port 22 # Only use protocol 2. Protocol 1 is insecure. (default) Protocol 2 -# Use privilege separation for increased security. -UsePrivilegeSeparation yes +# Use privilege separation for increased security. "sandbox" applies +# additional restrictions on the unprivileged process. +UsePrivilegeSeparation sandbox # Don't use PAM because it may circumvent other authentication methods used # below (default).