Hi, On Fri, Feb 12, 2016 at 02:56:30PM +1100, Damien Miller wrote: > OpenSSH 7.2 is almost ready for release, so we would appreciate > testing on as many platforms and systems as possible. This release > contains many bugfixes and several new features. According to bdcb7:sshd_config.5, UsePrivilegeSeparation is set to "sandbox" by default. But default in servconf.c is PRIVSEP_NOSANDBOX. I suppose, we should sync servconf.c and sshd_config with documentation: --- a/servconf.c +++ b/servconf.c @@ -362,7 +362,7 @@ fill_default_server_options(ServerOptions *options) /* Turn privilege separation on by default */ if (use_privsep == -1) - use_privsep = PRIVSEP_NOSANDBOX; + use_privsep = PRIVSEP_ON; #define CLEAR_ON_NONE(v) \ do { \ --- a/sshd_config +++ b/sshd_config @@ -107,7 +107,7 @@ AuthorizedKeysFile .ssh/authorized_keys #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -UsePrivilegeSeparation sandbox # Default for new installations. +#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 -- glebfm _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev