Adjust sshd_config.j2: Cooment deprecated options (in case of debian buster and above).

2019-07-06 16:25:06 +02:00 · 2019-07-06 16:25:06 +02:00 · 1f74af299f
commit 1f74af299f
parent 19f72f9ae4
1 changed files with 11 additions and 1 deletions
--- a/roles/common/templates/etc/ssh/sshd_config.j2
+++ b/roles/common/templates/etc/ssh/sshd_config.j2
@ -74,7 +74,17 @@ MaxSessions 10
 # Specifies whether sshd(8) separates privileges by creating an unprivileged
 # child process to deal with incoming network traffic.
 # The default is "yes" (for security).
-UsePrivilegeSeparation yes
+{% if (ansible_facts['distribution'] == "Debian") and (ansible_facts['distribution_major_version']|int > 9) %}
+#
+# Note: (Release 7.5)
+#    Deprecated option UsePrivilegeSeparation
+#    Privilege separation has been on by default for almost 15 years
+#    sandboxing has been on by default for almost the last five
+#
+#UsePrivilegeSeparation sandbox
+{% else %}
+UsePrivilegeSeparation sandbox
+{% endif %}

 # The server disconnects after this time if the user has not
 # successfully logged in.