diff options
author | Damien Miller <djm@mindrot.org> | 2012-07-31 12:21:34 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2012-07-31 12:21:34 +1000 |
commit | 5a5c2b9063fc3d7315424702b01527ccb0d4c0c9 (patch) | |
tree | 6bee6b7c37627e0c40544783400285c51d656348 /sshd_config | |
parent | 709a1e90d9cfb7a0e8cdf57fa967d163c010a6bb (diff) |
- djm@cvs.openbsd.org 2012/07/10 02:19:15
[servconf.c servconf.h sshd.c sshd_config]
Turn on systrace sandboxing of pre-auth sshd by default for new installs
by shipping a config that overrides the current UsePrivilegeSeparation=yes
default. Make it easier to flip the default in the future by adding too.
Diffstat (limited to 'sshd_config')
-rw-r--r-- | sshd_config | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sshd_config b/sshd_config index ec3ca2afc..9424ee2c6 100644 --- a/sshd_config +++ b/sshd_config | |||
@@ -1,4 +1,4 @@ | |||
1 | # $OpenBSD: sshd_config,v 1.86 2012/04/12 02:43:55 djm Exp $ | 1 | # $OpenBSD: sshd_config,v 1.87 2012/07/10 02:19:15 djm Exp $ |
2 | 2 | ||
3 | # This is the sshd server system-wide configuration file. See | 3 | # This is the sshd server system-wide configuration file. See |
4 | # sshd_config(5) for more information. | 4 | # sshd_config(5) for more information. |
@@ -99,7 +99,7 @@ AuthorizedKeysFile .ssh/authorized_keys | |||
99 | #PrintLastLog yes | 99 | #PrintLastLog yes |
100 | #TCPKeepAlive yes | 100 | #TCPKeepAlive yes |
101 | #UseLogin no | 101 | #UseLogin no |
102 | #UsePrivilegeSeparation yes | 102 | UsePrivilegeSeparation sandbox # Default for new installations. |
103 | #PermitUserEnvironment no | 103 | #PermitUserEnvironment no |
104 | #Compression delayed | 104 | #Compression delayed |
105 | #ClientAliveInterval 0 | 105 | #ClientAliveInterval 0 |