summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorIgor Sobrado <sobrado@cvs.openbsd.org>2015-10-07 14:45:31 +0000
committerIgor Sobrado <sobrado@cvs.openbsd.org>2015-10-07 14:45:31 +0000
commit49cf86b727e5f18716a5d9eddb740303ff7e1bba (patch)
treeaa3d960a1b2cc6e0a6b5370eb1ef0d55813bf35e /usr.bin
parente0b477fd3dfebf94400f2e3d039215ca3ed47199 (diff)
UsePrivilegeSeparation defaults to sandbox now.
ok djm@
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/sshd_config.513
1 files changed, 9 insertions, 4 deletions
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index a5953d79b8e..399013e4ce1 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -33,8 +33,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.212 2015/09/11 03:13:36 djm Exp $
-.Dd $Mdocdate: September 11 2015 $
+.\" $OpenBSD: sshd_config.5,v 1.213 2015/10/07 14:45:30 sobrado Exp $
+.Dd $Mdocdate: October 7 2015 $
.Dt SSHD_CONFIG 5
.Os
.Sh NAME
@@ -1564,14 +1564,19 @@ After successful authentication, another process will be created that has
the privilege of the authenticated user.
The goal of privilege separation is to prevent privilege
escalation by containing any corruption within the unprivileged processes.
-The default is
-.Dq yes .
+The argument must be
+.Dq yes ,
+.Dq no ,
+or
+.Dq sandbox .
If
.Cm UsePrivilegeSeparation
is set to
.Dq sandbox
then the pre-authentication unprivileged process is subject to additional
restrictions.
+The default is
+.Dq sandbox .
.It Cm VersionAddendum
Optionally specifies additional text to append to the SSH protocol banner
sent by the server upon connection.