539 B
539 B
---id: V-72265 status: implemented tag: sshd ---
The UsePrivilegeSeparation
configuration is set to
sandbox
in /etc/ssh/sshd_config
and sshd is
restarted.
Deployers can opt out of this change by setting the following Ansible variable:
security_sshd_enable_privilege_separation: no
Note
Although the STIG requires this setting to be yes
, the
sandbox
setting actually provides more security because it
enables privilege separation during the early authentication
process.