From 1f74af299f90ea8afaf905b53cb269270998ca4a Mon Sep 17 00:00:00 2001
From: Christoph
Date: Sat, 6 Jul 2019 16:25:06 +0200
Subject: [PATCH] Adjust sshd_config.j2: Cooment deprecated options (in case of debian buster and above).
---
 roles/common/templates/etc/ssh/sshd_config.j2 | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/roles/common/templates/etc/ssh/sshd_config.j2 b/roles/common/templates/etc/ssh/sshd_config.j2
index 6b52692..bf36834 100644
--- a/roles/common/templates/etc/ssh/sshd_config.j2
+++ b/roles/common/templates/etc/ssh/sshd_config.j2
@@ -74,7 +74,17 @@ MaxSessions 10
 # Specifies whether sshd(8) separates privileges by creating an unprivileged
 # child process to deal with incoming network traffic.
 # The default is "yes" (for security).
-UsePrivilegeSeparation yes
+{% if (ansible_facts['distribution'] == "Debian") and (ansible_facts['distribution_major_version']|int > 9) %}
+#
+# Note: (Release 7.5)
+# Deprecated option UsePrivilegeSeparation
+# Privilege separation has been on by default for almost 15 years
+# sandboxing has been on by default for almost the last five
+#
+#UsePrivilegeSeparation sandbox
+{% else %}
+UsePrivilegeSeparation sandbox
+{% endif %}
 # The server disconnects after this time if the user has not
 # successfully logged in.
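Review bot: The `{% else %}` branch changes the rendered value from `UsePrivilegeSeparation yes` to `UsePrivilegeSeparation sandbox` for every host that is not Debian 10 or later, which the commit subject does not mention and which the context comment just above (`The default is "yes" (for security).`) no longer describes. If the intent is only to comment out the deprecated option on buster, the else branch should keep `UsePrivilegeSeparation yes`; if the move to `sandbox` is deliberate, say so in the commit message and update that comment, since an sshd too old to know the value would presumably reject the file. The condition also keys on the Debian major version although the added note ties the deprecation to the OpenSSH release (7.5), so other distributions with a newer sshd, and Debian hosts whose `distribution_major_version` does not parse as an integer, still get the deprecated line. The task that renders this template is not visible here; if it does not already do so, adding `validate: /usr/sbin/sshd -t -f %s` to it would stop a config the local sshd rejects from replacing the live file and cutting off SSH access.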