
This patch is a follow-on docs patch for the sshd configuration work.

Implements: blueprint security-rhel7-stig
Change-Id: Ie140302bd0a20282f2f08a1296e04217e52da114
---id: RHEL-07-040690 status: implemented tag: sshd ---
The UsePrivilegeSeparation
configuration is set to
sandbox
in /etc/ssh/sshd_config
and sshd is
restarted.
Deployers can opt out of this change by setting the following Ansible variable:
security_sshd_enable_privilege_separation: no
Note
Although the STIG requires this setting to be yes
, the
sandbox
setting actually provides more security because it
enables privilege separation during the early authentication
process.
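
Review bot: The opt-out paragraph does not say what state /etc/ssh/sshd_config ends up in when security_sshd_enable_privilege_separation is set to no. It is unclear whether the UsePrivilegeSeparation line is left unmanaged or written with another value, and a deployer could read "no" as turning privilege separation off entirely, so please state the resulting behaviour explicitly. The note also says the STIG requires yes while the role writes sandbox, yet the metadata reads status: implemented. Consider stating in the note that this is a deliberate deviation from the literal STIG value, and whether a deployer who needs the literal yes can get it through a variable.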