On 08/16/2016 05:27 AM, Damien Miller wrote:
Hi,
Does anyone set sshd's UseLogin=yes? If so, why?
I'd like to remove this option - I've not needed it in the last 15 years
on any platform (making it a very poorly-tested code path) and it breaks
a few things including post-authentication privilege separation.
Can anyone speak in its defence?
No. We recently marked this option as deprecated in Fedora (throws a
warning in the logs) and removing it sounds like a good idea to me (it
does not even work with SELinux enforcing). I set UseLogin=yes only for
rare testing purposes.
Regards,
--
Jakub Jelen
Security Technologies
Red Hat
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev