# Some options are set even if they are default to document that they are
# important and to prevent upstream changes from affecting them.
# Some options are set even if they are default to document that they are
# important and to prevent upstream changes from affecting them.
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
#
# This file is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
-# Use privilege separation for increased security.
-UsePrivilegeSeparation yes
+# Use privilege separation for increased security. "sandbox" applies
+# additional restrictions on the unprivileged process.
+UsePrivilegeSeparation sandbox
# Allow more sessions per network connection (e.g. from ControlMaster/-M).
# When not enough sessions are available this message is sent by ssh:
# "mux_client_request_session: session request failed: Session open refused by
# Allow more sessions per network connection (e.g. from ControlMaster/-M).
# When not enough sessions are available this message is sent by ssh:
# "mux_client_request_session: session request failed: Session open refused by
# Send a message after the given seconds of inactivity through the encrypted
# channel. Used to detect stale connections more quickly. Not necessary on all
# Send a message after the given seconds of inactivity through the encrypted
# channel. Used to detect stale connections more quickly. Not necessary on all
#ClientAliveInterval 60
# Disconnect the client if more than max count alive messages were lost
# (default). With the setting above this detects a broken connection after 3
# minutes.
ClientAliveCountMax 3
#ClientAliveInterval 60
# Disconnect the client if more than max count alive messages were lost
# (default). With the setting above this detects a broken connection after 3
# minutes.
ClientAliveCountMax 3