Who uses UseLogin?

Jakub Jelen jjelen at redhat.com
Tue Aug 16 17:37:55 AEST 2016


On 08/16/2016 05:27 AM, Damien Miller wrote:
> Hi,
>
> Does anyone set sshd's UseLogin=yes? If so, why?
>
> I'd like to remove this option - I've not needed it in the last 15 years
> on any platform (making it a very poorly-tested code path) and it breaks
> a few things including post-authentication privilege separation.
>
> Can anyone speak in its defence?
No. We recently marked this option as deprecated in Fedora (throws a 
warning in the logs) and removing it sounds like a good idea to me (it 
does not even work with SELinux enforcing). I set UseLogin=yes only for 
rare testing purposes.

Regards,

-- 
Jakub Jelen
Security Technologies
Red Hat



More information about the openssh-unix-dev mailing list