Feature request: Allow custom directory for privilege separation in the configuration file. And change the pam module.

Damien Miller djm at mindrot.org
Mon Aug 5 12:46:59 AEST 2019

On Sun, 4 Aug 2019, Ramón García wrote:

> In order to be able to have different instances of sshd running in a
> machine (for instance, one for system administrators, other for a file
> transfer service) it should be useful:
> - To allow the administrator to specify the name of the pam module, so
> that one can create a customized file in /etc/pam.d
> - A customized privilege separation directory.

Why do you need this? It just needs to be an empty directory that the
sshd privsep process has no write access to. It's completely fine to
share them between instances.


More information about the openssh-unix-dev mailing list