Date: Sun, 09 Feb 2003 13:49:58 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: "Karl M. Joch" <k.joch@kmjeuro.com> Cc: freebsd-stable@freebsd.org Subject: Re: sshd_config man page typo Message-ID: <xzpvfzt62kp.fsf@flood.ping.uio.no> In-Reply-To: <3E460D09.20908@kmjeuro.com> ("Karl M. Joch"'s message of "Sun, 09 Feb 2003 09:10:49 %2B0100") References: <3E460D09.20908@kmjeuro.com>
next in thread | previous in thread | raw e-mail | index | archive | help
"Karl M. Joch" <k.joch@kmjeuro.com> writes: > after updating a server far away i had to recognize that > UsePrivilegeSeparation is on by default. Updating without creating the > user sshd results in refusing access becaus there is no user found for > Privilege Separation. You did not follow the documented upgrade procedure (which includes running 'mergemaster -p' before installworld). > The man page says the default is NO but it is YES. Bzzzt. The man page clearly says it is on by default: UsePrivilegeSeparation Specifies whether sshd separates privileges by creating an unprivileged child process to deal with incoming network traffic. After successful authentication, another process will be created that has the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by con- taining any corruption within the unprivileged processes. The default is ``yes''. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpvfzt62kp.fsf>