Privsep is now required.

author: Darren Tucker <dtucker@dtucker.net> 2019-09-19 15:41:23 +1000
committer: Darren Tucker <dtucker@dtucker.net> 2019-09-19 15:41:23 +1000
commit: 5a273a33ca1410351cb484af7db7c13e8b4e8e4e (patch)
tree: bf54186a04ea1f0a2ced7fc902f191c1d1a13ab6 /INSTALL
parent: 8aa2aa3cd4d27d14e74b247c773696349472ef20 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/INSTALL b/INSTALL
index d0fa00e6c..814768791 100644
--- a/INSTALL
+++ b/INSTALL
@@ -24,6 +24,10 @@ If you must use a non-position-independent libcrypto, then you may need
 to configure OpenSSH --without-pie.  Note that due to a bug in EVP_CipherInit
 OpenSSL 1.1 versions prior to 1.1.0g can't be used.
+To support Privilege Separation (which is now required) you will need
+to create the user, group and directory used by sshd for privilege
+separation.  See README.privsep for details.
 The remaining items are optional.
 NB. If you operating system supports /dev/random, you should configure
@@ -133,10 +137,6 @@ make install
 This will install the binaries in /opt/{bin,lib,sbin}, but will place the
 configuration files in /etc/ssh.
-If you are using Privilege Separation (which is enabled by default)
-then you will also need to create the user, group and directory used by
-sshd for privilege separation.  See README.privsep for details.
 If you are using PAM, you may need to manually install a PAM control
 file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
 them).  Note that the service name used to start PAM is __progname,
author	Darren Tucker <dtucker@dtucker.net>	2019-09-19 15:41:23 +1000
committer	Darren Tucker <dtucker@dtucker.net>	2019-09-19 15:41:23 +1000
commit	5a273a33ca1410351cb484af7db7c13e8b4e8e4e (patch)
tree	bf54186a04ea1f0a2ced7fc902f191c1d1a13ab6 /INSTALL
parent	8aa2aa3cd4d27d14e74b247c773696349472ef20 (diff)