diff options
Diffstat (limited to 'debian/README.Debian')
| -rw-r--r-- | debian/README.Debian | 10 |
1 files changed, 3 insertions, 7 deletions
diff --git a/debian/README.Debian b/debian/README.Debian index bb1f7cf48..cb1444a47 100644 --- a/debian/README.Debian +++ b/debian/README.Debian | |||
| @@ -33,15 +33,11 @@ Privilege Separation | |||
| 33 | 33 | ||
| 34 | As of 3.3, openssh has employed privilege separation to reduce the | 34 | As of 3.3, openssh has employed privilege separation to reduce the |
| 35 | quantity of code that runs as root, thereby reducing the impact of | 35 | quantity of code that runs as root, thereby reducing the impact of |
| 36 | some security holes in sshd. | 36 | some security holes in sshd. This now also works properly with PAM. |
| 37 | 37 | ||
| 38 | Unfortunately, privilege separation interacts badly with PAM. Any PAM | 38 | Privilege separation is turned on by default, so, if you decide you |
| 39 | session modules that need to run as root (pam_mkhomedir, for example) | ||
| 40 | will fail, and PAM keyboard-interactive authentication won't work. | ||
| 41 | |||
| 42 | Privilege separation is turned on by default, so if you decide you | ||
| 43 | want it turned off, you need to add "UsePrivilegeSeparation no" to | 39 | want it turned off, you need to add "UsePrivilegeSeparation no" to |
| 44 | /etc/ssh/sshd_config | 40 | /etc/ssh/sshd_config. |
| 45 | 41 | ||
| 46 | PermitRootLogin set to yes | 42 | PermitRootLogin set to yes |
| 47 | -------------------------- | 43 | -------------------------- |