Date: Sat, 01 Mar 2014 11:39:08 +0400 From: Andrey Chernov <ache@freebsd.org> To: des@freebsd.org, stable@freebsd.org Subject: Re: openssh in stable-10 broken config or sandbox Message-ID: <53118E9C.5030804@freebsd.org> In-Reply-To: <531184A8.4050909@freebsd.org> References: <531184A8.4050909@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 01.03.2014 10:56, Andrey Chernov wrote: > Hi. > Default /etc/ssh/sshd_config have > #UsePrivilegeSeparation sandbox > I.e. 'sandbox' by default. It breaks logins with error: > sshd[81721]: fatal: ssh_sandbox_child: failed to limit the network socket [preauth] > Fixed by using old way, i.e. direct > UsePrivilegeSeparation yes > instead of 'sandbox'. Please fix this bug. Just find that capsicum is required now for default (i.e. sandbox) mode. Don't think it is wise move, people may lost remote connections that way, at least UPDATING entry is needed, but check for WITHOUT_CAPSICUM for defaults will be better. -- http://ache.vniz.net/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?53118E9C.5030804>