Update SSH config #5

New Issue

Closed

opened 2020-02-24 13:51:51 +00:00 by jannik · 1 comment

jannik commented 2020-02-24 13:51:51 +00:00

Owner

Copy Link

See https://infosec.mozilla.org/guidelines/openssh:

# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
Subsystem sftp  /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO

# Use kernel sandbox mechanisms where possible in unprivileged processes
# Systrace on OpenBSD, Seccomp on Linux, seatbelt on MacOSX/Darwin, rlimit elsewhere.
UsePrivilegeSeparation sandbox

See https://infosec.mozilla.org/guidelines/openssh: ``` # Log sftp level file access (read/write/etc.) that would not be easily logged otherwise. Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO # Use kernel sandbox mechanisms where possible in unprivileged processes # Systrace on OpenBSD, Seccomp on Linux, seatbelt on MacOSX/Darwin, rlimit elsewhere. UsePrivilegeSeparation sandbox ```

jannik self-assigned this 2020-02-24 13:51:51 +00:00

jannik commented 2020-03-08 15:52:41 +00:00

Author

Owner

Copy Link

UsePrivilegeSeparation is deprecated (at least in openssh-server 7.9)

UsePrivilegeSeparation is deprecated (at least in openssh-server 7.9)

jannik referenced this issue from a commit 2020-03-08 15:52:58 +00:00

[CODE] update sshd config (fixes #5)

jannik closed this issue 2020-03-08 15:52:58 +00:00

jannik referenced this issue from a commit 2020-03-08 15:58:00 +00:00

[CODE] update sshd config (fixes #5)

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

master

Labels

Clear labels

No items

No Label

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

jannik

1 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: jannik/ansible-role-server#5

No description provided.