Update SSH config #5

Closed
opened 2020-02-24 13:51:51 +00:00 by jannik · 1 comment
Owner

See https://infosec.mozilla.org/guidelines/openssh:

# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
Subsystem sftp  /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO

# Use kernel sandbox mechanisms where possible in unprivileged processes
# Systrace on OpenBSD, Seccomp on Linux, seatbelt on MacOSX/Darwin, rlimit elsewhere.
UsePrivilegeSeparation sandbox
See https://infosec.mozilla.org/guidelines/openssh: ``` # Log sftp level file access (read/write/etc.) that would not be easily logged otherwise. Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO # Use kernel sandbox mechanisms where possible in unprivileged processes # Systrace on OpenBSD, Seccomp on Linux, seatbelt on MacOSX/Darwin, rlimit elsewhere. UsePrivilegeSeparation sandbox ```
jannik self-assigned this 2020-02-24 13:51:51 +00:00
Author
Owner

UsePrivilegeSeparation is deprecated (at least in openssh-server 7.9)

UsePrivilegeSeparation is deprecated (at least in openssh-server 7.9)
Sign in to join this conversation.
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: jannik/ansible-role-server#5
No description provided.