Date: Sun, 09 Feb 2003 13:49:58 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: "Karl M. Joch" <k.joch@kmjeuro.com> Cc: freebsd-stable@freebsd.org Subject: Re: sshd_config man page typo Message-ID: <xzpvfzt62kp.fsf@flood.ping.uio.no> In-Reply-To: <3E460D09.20908@kmjeuro.com> ("Karl M. Joch"'s message of "Sun, 09 Feb 2003 09:10:49 %2B0100") References: <3E460D09.20908@kmjeuro.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Karl M. Joch" <k.joch@kmjeuro.com> writes:
> after updating a server far away i had to recognize that
> UsePrivilegeSeparation is on by default. Updating without creating the
> user sshd results in refusing access becaus there is no user found for
> Privilege Separation.
You did not follow the documented upgrade procedure (which includes
running 'mergemaster -p' before installworld).
> The man page says the default is NO but it is YES.
Bzzzt. The man page clearly says it is on by default:
UsePrivilegeSeparation
Specifies whether sshd separates privileges by creating an
unprivileged child process to deal with incoming network traffic.
After successful authentication, another process will be created
that has the privilege of the authenticated user. The goal of
privilege separation is to prevent privilege escalation by con-
taining any corruption within the unprivileged processes. The
default is ``yes''.
DES
--
Dag-Erling Smorgrav - des@ofug.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpvfzt62kp.fsf>