On Tue, 14 Mar 2017, Jakub Jelen wrote: > Hello, > I don't see this option deprecated in current portable master. Still in place. > How are we going to be able to switch between Sandbox and just privilege > separation? We might consider some way of disabling sandboxing (apart from editing the source) if there is user demand, but I think developers/packagers can figure out sandbox violations pretty easily from dmesg, etc. > As far as I remember, various people still use this use case to test > other SSH implementation (privsep requires running a root, isn't it?). No, only setuid to an unprivileged user needs that; the rest of privsep including sandboxing is still active if sshd is run as a regular user. > > * Fix various fallout and sharp edges caused by removing SSH protocol > > 1 support from the server, including the server banner string being > > incorrectly terminated with only \n (instead of \r\n), and > > confusing error messages from ssh-keyscan bz#2583. > > I would vouch for this bug get fixed too in the relation to the SSH1 removal: > > https://bugzilla.mindrot.org/show_bug.cgi?id=2686 > > Also this one is a bit confusing: > > https://bugzilla.mindrot.org/show_bug.cgi?id=2682 Will take a look. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
