2 files changed, 8 insertions, 11 deletions
diff --git a/INSTALL b/INSTALL
index d0fa00e6c..814768791 100644
--- a/INSTALL
+++ b/INSTALL
@@ -24,6 +24,10 @@ If you must use a non-position-independent libcrypto, then you may need
 to configure OpenSSH --without-pie.  Note that due to a bug in EVP_CipherInit
 OpenSSL 1.1 versions prior to 1.1.0g can't be used.
+To support Privilege Separation (which is now required) you will need
+to create the user, group and directory used by sshd for privilege
+separation.  See README.privsep for details.
 The remaining items are optional.
 NB. If you operating system supports /dev/random, you should configure
@@ -133,10 +137,6 @@ make install
 This will install the binaries in /opt/{bin,lib,sbin}, but will place the
 configuration files in /etc/ssh.
-If you are using Privilege Separation (which is enabled by default)
-then you will also need to create the user, group and directory used by
-sshd for privilege separation.  See README.privsep for details.
 If you are using PAM, you may need to manually install a PAM control
 file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
 them).  Note that the service name used to start PAM is __progname,
diff --git a/README.privsep b/README.privsep
index 460e90565..d658c46db 100644
--- a/README.privsep
+++ b/README.privsep
@@ -5,13 +5,10 @@ escalation by containing corruption to an unprivileged process.
 More information is available at:
        http://www.citi.umich.edu/u/provos/ssh/privsep.html
-Privilege separation is now enabled by default; see the
+Privilege separation is now mandatory.  During the pre-authentication
-UsePrivilegeSeparation option in sshd_config(5).
+phase sshd will chroot(2) to "/var/empty" and change its privileges to the
+"sshd" user and its primary group.  sshd is a pseudo-account that should
-When privsep is enabled, during the pre-authentication phase sshd will
+not be used by other daemons, and must be locked and should contain a
-chroot(2) to "/var/empty" and change its privileges to the "sshd" user
-and its primary group.  sshd is a pseudo-account that should not be
-used by other daemons, and must be locked and should contain a
 "nologin" or invalid shell.
 You should do something like the following to prepare the privsep

diff --git a/INSTALL b/INSTALL index d0fa00e6c..814768791 100644 --- a/INSTALL +++ b/INSTALL
@@ -24,6 +24,10 @@ If you must use a non-position-independent libcrypto, then you may need
24	to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit	24	to configure OpenSSH --without-pie. Note that due to a bug in EVP_CipherInit
25	OpenSSL 1.1 versions prior to 1.1.0g can't be used.	25	OpenSSL 1.1 versions prior to 1.1.0g can't be used.
26		26
		27	To support Privilege Separation (which is now required) you will need
		28	to create the user, group and directory used by sshd for privilege
		29	separation. See README.privsep for details.
		30
27	The remaining items are optional.	31	The remaining items are optional.
28		32
29	NB. If you operating system supports /dev/random, you should configure	33	NB. If you operating system supports /dev/random, you should configure
@@ -133,10 +137,6 @@ make install
133	This will install the binaries in /opt/{bin,lib,sbin}, but will place the	137	This will install the binaries in /opt/{bin,lib,sbin}, but will place the
134	configuration files in /etc/ssh.	138	configuration files in /etc/ssh.
135		139
136	If you are using Privilege Separation (which is enabled by default)
137	then you will also need to create the user, group and directory used by
138	sshd for privilege separation. See README.privsep for details.
139
140	If you are using PAM, you may need to manually install a PAM control	140	If you are using PAM, you may need to manually install a PAM control
141	file as "/etc/pam.d/sshd" (or wherever your system prefers to keep	141	file as "/etc/pam.d/sshd" (or wherever your system prefers to keep
142	them). Note that the service name used to start PAM is __progname,	142	them). Note that the service name used to start PAM is __progname,


diff --git a/README.privsep b/README.privsep index 460e90565..d658c46db 100644 --- a/README.privsep +++ b/README.privsep
@@ -5,13 +5,10 @@ escalation by containing corruption to an unprivileged process.
5	More information is available at:	5	More information is available at:
6	http://www.citi.umich.edu/u/provos/ssh/privsep.html	6	http://www.citi.umich.edu/u/provos/ssh/privsep.html
7		7
8	Privilege separation is now enabled by default; see the	8	Privilege separation is now mandatory. During the pre-authentication
9	UsePrivilegeSeparation option in sshd_config(5).	9	phase sshd will chroot(2) to "/var/empty" and change its privileges to the
10		10	"sshd" user and its primary group. sshd is a pseudo-account that should
11	When privsep is enabled, during the pre-authentication phase sshd will	11	not be used by other daemons, and must be locked and should contain a
12	chroot(2) to "/var/empty" and change its privileges to the "sshd" user
13	and its primary group. sshd is a pseudo-account that should not be
14	used by other daemons, and must be locked and should contain a
15	"nologin" or invalid shell.	12	"nologin" or invalid shell.
16		13
17	You should do something like the following to prepare the privsep	14	You should do something like the following to prepare the privsep