Hello, there are emerging container services that restrict regular users to launch containers under some random uid for security reasons. If such user needs sshd in their container, they need to turn off `UsePrivilegeSeparation` so that sshd is executed as the current uid and not `root`. I understand that privilege separation [1] is more than changing the process uid. On the other hand, it is unreasonable to expect administrators to let regular users execute privileged code of any sort. If they do so, this would compromise security of all other users. And I can't see how privilege separation can work without giving regular users elevated privileges of some sort. Especially giving users `chroot` privileges would be highly dangerous. Unfortunately I see that in 7.5 the privilege separation option is being deprecated [2]. Other users have raised concerns earlier [3][4] but I don't find much explanation why they were not taken into account. I think it will be beneficial for a lot of users to keep the option present. Container users becoming more and more every day thus IMO container use cases need to be very well covered. Do you have other ideas how container use cases can be covered in the future without giving the users dangerous privileges? Thank you, Aleksandar [1] http://www.citi.umich.edu/u/provos/ssh/privsep.html [2] https://www.openssh.com/txt/release-7.5 [3] https://news.ycombinator.com/item?id=13213174 [4] https://lwn.net/Articles/717553/ _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev