diff options
| -rw-r--r-- | usr.bin/ssh/sshd.8 | 16 |
1 files changed, 14 insertions, 2 deletions
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index b286376a7ee..52bc1b19458 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -34,7 +34,7 @@ .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. .\" -.\" $OpenBSD: sshd.8,v 1.171 2002/03/18 17:53:08 provos Exp $ +.\" $OpenBSD: sshd.8,v 1.172 2002/03/18 17:59:09 provos Exp $ .Dd September 25, 1999 .Dt SSHD 8 .Os @@ -831,7 +831,19 @@ will be disabled because .Xr login 1 does not know how to handle .Xr xauth 1 -cookies. +cookies. If +.Cm UsePrivilegeSeparation +is specified, it will be disabled after authentication. +.It Cm UsePrivilegeSeparation +Specifies whether +.Nm +separated privileges by creating an unprivileged child process +to deal with incoming network traffic. After successful authentication, +another process will be created that has the privilege of the authenticated +user. The goal of privilege separation is to prevent privilege +escalation by containing any corruption within the unprivileged processes. +The default is +.Dq no . .It Cm VerifyReverseMapping Specifies whether .Nm |