Commit d1a489d1 authored by Thomas Gambier 🚴🏼

UsePrivilegeSeparation is deprecated

parent 010f66ea
......@@ -19,4 +19,4 @@ md5sum = c4ac5de141ae6a64848309af03e51d88
[template-selenium]
filename = instance-selenium.cfg.in
md5sum = 597991d7354970550d25324e3836adda
md5sum = fc2e8176929063903a69b0e80007ca63
......@@ -224,7 +224,6 @@ template = inline:
Port $${sshd-address:port}
ListenAddress $${sshd-address:ip}
Protocol 2
UsePrivilegeSeparation no
HostKey $${ssh-host-rsa-key:output}
HostKey $${ssh-host-dsa-key:output}
HostKey $${ssh-host-ecdsa-key:output}
......
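Review bot: The `HostKey $${ssh-host-dsa-key:output}` line left in place just below the removed option still has sshd load a DSA host key. OpenSSH has disabled ssh-dss host and user keys by default since 7.0, and DSA keys are limited to 1024 bits, so with the newer OpenSSH mentioned in the discussion this key is unlikely to be accepted by current clients and only leaves a weak key to manage. I would drop that line here, together with the section that generates the key, which presumably sits outside this hunk. The `Protocol 2` line kept in all three sshd templates is probably also redundant on a server without SSHv1 support and could go in the same cleanup; confirm against the sshd_config manual of the shipped version.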
......@@ -18,7 +18,7 @@ md5sum = 8d6878ff1d2e75010c50a1a2b0c13b24
[template-runner]
filename = instance-runner.cfg
md5sum = 2582723c31166244ff25cb3d8c839ffa
md5sum = 9f367deb7597957e7108bee719b78bcc
[template-runner-import-script]
filename = template/runner-import.sh.jinja2
......
......@@ -262,7 +262,6 @@ template = inline:
Port $${runner-sshd-port:port}
ListenAddress $${slap-network-information:global-ipv6}
Protocol 2
UsePrivilegeSeparation no
HostKey $${runner-sshd-ssh-host-rsa-key:output}
HostKey $${runner-sshd-ssh-host-ecdsa-key:output}
PasswordAuthentication no
......
......@@ -14,7 +14,7 @@
# not need these here).
[pbsready]
filename = pbsready.cfg.in
md5sum = 48d0bba26212b02f255550fff4df5ea6
md5sum = 4b0f914a54c9be5bff2b86f3416f4584
[pbsready-import]
filename = pbsready-import.cfg.in
......
......@@ -177,7 +177,6 @@ template = inline:
Port $${sshd-port:port}
ListenAddress $${slap-network-information:global-ipv6}
Protocol 2
UsePrivilegeSeparation no
HostKey $${directory:ssh}/server_key.rsa
AuthorizedKeysFile $${directory:ssh}/.ssh/authorized_keys
PasswordAuthentication no
......
  • wow this works :) I think that was the reason why we stuck to the old openssh

  • In https://www.openssh.com/txt/release-7.5 we can read:

     * This release deprecates the sshd_config UsePrivilegeSeparation
       option, thereby making privilege separation mandatory. Privilege
       separation has been on by default for almost 15 years and
       sandboxing has been on by default for almost the last five.

    And you changed version from 7.4 to 7.7 in 897b1bc3

    So I guessed there was nothing wrong in removing those lines :)

    Edited by Thomas Gambier
  • I thought that this option needed to run as root, but apparently not.
