diff options
| author | Damien Miller <djm@mindrot.org> | 2012-07-31 04:21:34 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2012-07-31 04:21:34 +0200 |
| commit | 5a5c2b9063fc3d7315424702b01527ccb0d4c0c9 (patch) | |
| tree | 6bee6b7c37627e0c40544783400285c51d656348 /sshd_config | |
| parent | - jmc@cvs.openbsd.org 2012/07/06 06:38:03 (diff) | |
| download | openssh-5a5c2b9063fc3d7315424702b01527ccb0d4c0c9.tar.xz openssh-5a5c2b9063fc3d7315424702b01527ccb0d4c0c9.zip | |
- djm@cvs.openbsd.org 2012/07/10 02:19:15
[servconf.c servconf.h sshd.c sshd_config]
Turn on systrace sandboxing of pre-auth sshd by default for new installs
by shipping a config that overrides the current UsePrivilegeSeparation=yes
default. Make it easier to flip the default in the future by adding too.
Diffstat (limited to 'sshd_config')
| -rw-r--r-- | sshd_config | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sshd_config b/sshd_config index ec3ca2afc..9424ee2c6 100644 --- a/sshd_config +++ b/sshd_config @@ -1,4 +1,4 @@ -# $OpenBSD: sshd_config,v 1.86 2012/04/12 02:43:55 djm Exp $ +# $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $ # This is the sshd server system-wide configuration file. See # sshd_config(5) for more information. @@ -99,7 +99,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation yes +UsePrivilegeSeparation sandbox # Default for new installations. #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 |