author djm <djm@openbsd.org> 2008-04-04 06:44:26 +0000
committer djm <djm@openbsd.org> 2008-04-04 06:44:26 +0000
commit 295d4c1c2d8edfed05e7f85be7663ebdfa9faf9d
tree 790dc95cdf20f44ea8ee5f93e23bc8f12a32108d
parent fix SEE ALSO;
oops, some unrelated stuff crept into that commit - backout.
spotted by jmc@
-rw-r--r-- usr.bin/ssh/sshd_config.5 35
1 files changed, 1 insertions, 34 deletions
diff --git a/usr.bin/ssh/sshd_config.5 b/usr.bin/ssh/sshd_config.5
index a5a140d410b..5aee2ea1be8 100644
--- a/usr.bin/ssh/sshd_config.5
+++ b/usr.bin/ssh/sshd_config.5
@@ -34,7 +34,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.85 2008/04/04 05:14:38 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.86 2008/04/04 06:44:26 djm Exp $
.Dd $Mdocdate: April 4 2008 $
.Dt SSHD_CONFIG 5
.Os
@@ -210,29 +210,6 @@ in-process sftp server is used (see
.Cm Subsystem
for details).
.Pp
-Please note that there are many ways to misconfigure a chroot environment
-in ways that compromise security.
-These include:
-.Pp
-.Bl -dash -offset indent -compact
-.It
-Making unsafe setuid binaries available;
-.It
-Having missing or incorrect configuration files in the chroot's
-.Pa /etc
-directory;
-.It
-Hard-linking files between the chroot and outside;
-.It
-Leaving unnecessary
-.Pa /dev
-nodes accessible inside the chroot (especially those for physical drives);
-.It
-Executing scripts or binaries inside the chroot from outside, either
-directly or through facilities such as
-.Xr cron 8 .
-.El
-.Pp
The default is not to
.Xr chroot 2 .
.It Cm Ciphers
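Review bot: The 23 lines removed before "The default is not to .Xr chroot 2 ." are the only warning in this hunk's context about chroot misconfiguration (unsafe setuid binaries, a missing or incorrect /etc, hard links to the outside, stray /dev nodes, scripts run from outside via cron). The log message calls this unrelated material rather than wrong material, so if the guidance is still wanted it should be re-submitted as its own commit with a log message that describes it, rather than being left out after this backout.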
@@ -363,11 +340,6 @@ Specifying a command of
will force the use of an in-process sftp server that requires no support
files when used with
.Cm ChrootDirectory .
-Note that
-.Dq internal-sftp
-is only supported when
-.Cm UsePrivilegeSeparation
-is enabled.
.It Cm GatewayPorts
Specifies whether remote hosts are allowed to connect to ports
forwarded for the client.
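Review bot: The five lines removed after ".Cm ChrootDirectory ." are word-for-word the same as the five removed in the @@ -830,11 +802,6 @@ hunk, so the internal-sftp / UsePrivilegeSeparation requirement was stated twice. If that note is re-committed separately, state the requirement in one place and refer to it from the other, so the two copies cannot drift apart when one is later edited.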
@@ -830,11 +802,6 @@ server.
This may simplify configurations using
.Cm ChrootDirectory
to force a different filesystem root on clients.
-Note that
-.Dq internal-sftp
-is only supported when
-.Cm UsePrivilegeSeparation
-is enabled.
.Pp
By default no subsystems are defined.
Note that this option applies to protocol version 2 only.