ansible/oopen-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adjust sshd_config.j2: Cooment deprecated options (in case of debian buster and above).

Browse Source
This commit is contained in:
Christoph 2019-07-06 16:25:06 +02:00
parent 19f72f9ae4
commit 1f74af299f
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
roles/common/templates/etc/ssh/sshd_config.j2
View File

@ -74,7 +74,17 @@ MaxSessions 10
# Specifies whether sshd(8) separates privileges by creating an unprivileged # Specifies whether sshd(8) separates privileges by creating an unprivileged
# child process to deal with incoming network traffic. # child process to deal with incoming network traffic.
# The default is "yes" (for security). # The default is "yes" (for security).
UsePrivilegeSeparation yes {% if (ansible_facts['distribution'] == "Debian") and (ansible_facts['distribution_major_version']|int > 9) %}
#
# Note: (Release 7.5)
# Deprecated option UsePrivilegeSeparation
# Privilege separation has been on by default for almost 15 years
# sandboxing has been on by default for almost the last five
#
#UsePrivilegeSeparation sandbox
{% else %}
UsePrivilegeSeparation sandbox
{% endif %}
# The server disconnects after this time if the user has not # The server disconnects after this time if the user has not
# successfully logged in. # successfully logged in.