Call for testing: OpenSSH 7.2
Gleb Fotengauer-Malinovskiy
glebfm at altlinux.org
Wed Feb 17 03:14:04 AEDT 2016
Hi,
On Fri, Feb 12, 2016 at 02:56:30PM +1100, Damien Miller wrote:
> OpenSSH 7.2 is almost ready for release, so we would appreciate
> testing on as many platforms and systems as possible. This release
> contains many bugfixes and several new features.
According to bdcb7:sshd_config.5, UsePrivilegeSeparation is set to
"sandbox" by default.
But default in servconf.c is PRIVSEP_NOSANDBOX.
I suppose, we should sync servconf.c and sshd_config with documentation:
--- a/servconf.c
+++ b/servconf.c
@@ -362,7 +362,7 @@ fill_default_server_options(ServerOptions *options)
/* Turn privilege separation on by default */
if (use_privsep == -1)
- use_privsep = PRIVSEP_NOSANDBOX;
+ use_privsep = PRIVSEP_ON;
#define CLEAR_ON_NONE(v) \
do { \
--- a/sshd_config
+++ b/sshd_config
@@ -107,7 +107,7 @@ AuthorizedKeysFile .ssh/authorized_keys
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
-UsePrivilegeSeparation sandbox # Default for new installations.
+#UsePrivilegeSeparation sandbox
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
--
glebfm
More information about the openssh-unix-dev
mailing list