[Ach] SSH: UsePrivilegeSeparation yes
Aaron Zauner
azet at azet.org
Thu Jan 2 18:55:34 CET 2014
On 02 Jan 2014, at 11:29, mls at xlist.pw wrote:
> On Thursday 02 January 2014 22:32:48 Uli wrote:
>> i just read through the document "Applied Crypto Hardening" and stumbled
>> across the SSH-Section. A few settings are not only related to ciphers and
>> encryptions but more to towards authentication, maybe it makes sense to add
>> "UsePrivilegeSeparation yes" then as well?
>
> According to man page "UsePrivilegeSeparation yes" is the default. The
> question is if setting it to "sandbox" would make sense.
Well it would. As would chrooting the thing. But thats actually something for which a ticket at the linux distribution vendor should be opened. At least in my opionion.
Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1091 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20140102/9e2f11ed/attachment.sig>
More information about the Ach
mailing list