jannik/ansible-role-server
1
1
Fork 0
Code Issues 3 Releases Activity

Update SSH config #5

New issue
Closed
opened 2020-02-24 13:51:51 +00:00 by jannik · 1 comment
jannik commented 2020-02-24 13:51:51 +00:00
Owner
Copy link

See https://infosec.mozilla.org/guidelines/openssh:

# Log sftp level file access (read/write/etc.) that would not be easily logged otherwise.
Subsystem sftp  /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO

# Use kernel sandbox mechanisms where possible in unprivileged processes
# Systrace on OpenBSD, Seccomp on Linux, seatbelt on MacOSX/Darwin, rlimit elsewhere.
UsePrivilegeSeparation sandbox
See https://infosec.mozilla.org/guidelines/openssh: ``` # Log sftp level file access (read/write/etc.) that would not be easily logged otherwise. Subsystem sftp /usr/lib/ssh/sftp-server -f AUTHPRIV -l INFO # Use kernel sandbox mechanisms where possible in unprivileged processes # Systrace on OpenBSD, Seccomp on Linux, seatbelt on MacOSX/Darwin, rlimit elsewhere. UsePrivilegeSeparation sandbox ```
jannik self-assigned this 2020-02-24 13:51:51 +00:00
jannik commented 2020-03-08 15:52:41 +00:00
Author
Owner
Copy link

UsePrivilegeSeparation is deprecated (at least in openssh-server 7.9)

UsePrivilegeSeparation is deprecated (at least in openssh-server 7.9)
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
No results found.
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
jannik
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: jannik/ansible-role-server#5
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?