Who uses UseLogin?
Jakub Jelen
jjelen at redhat.com
Tue Aug 16 17:37:55 AEST 2016
On 08/16/2016 05:27 AM, Damien Miller wrote:
> Hi,
>
> Does anyone set sshd's UseLogin=yes? If so, why?
>
> I'd like to remove this option - I've not needed it in the last 15 years
> on any platform (making it a very poorly-tested code path) and it breaks
> a few things including post-authentication privilege separation.
>
> Can anyone speak in its defence?
No. We recently marked this option as deprecated in Fedora (throws a
warning in the logs) and removing it sounds like a good idea to me (it
does not even work with SELinux enforcing). I set UseLogin=yes only for
rare testing purposes.
Regards,
--
Jakub Jelen
Security Technologies
Red Hat
More information about the openssh-unix-dev
mailing list