Home
last modified time | relevance | path

Searched refs:privsep (Results 1 – 18 of 18) sorted by relevance

/external/openssh/
DREADME.privsep1 Privilege separation, or privsep, is method in OpenSSH by which
6 http://www.citi.umich.edu/u/provos/ssh/privsep.html
15 When privsep is enabled, during the pre-authentication phase sshd will
21 You should do something like the following to prepare the privsep
28 # useradd -g sshd -c 'sshd privsep' -d /var/empty -s /bin/false sshd
33 privsep user and chroot directory:
35 --with-privsep-path=xxx Path for privilege separation chroot
36 --with-privsep-user=user Specify non-privileged user for privilege separation
41 PAM-enabled OpenSSH is known to function with privsep on AIX, FreeBSD,
45 part of privsep is supported. Post-authentication privsep is disabled
[all …]
DTODO6 - Merge INSTALL & README.privsep
DChangeLog11 - (djm) [regress/connect-privsep.sh regress/test-exec.sh] demote fatal
42 [regress/connect-privsep.sh]
122 introduce sandboxing of the pre-auth privsep child using systrace(4).
126 privsep child can perform. This prevents a compromised privsep child
132 on the list results in SIGKILL being sent to the privsep child. Note
163 make the pre-auth privsep slave log via a socketpair shared with the
DINSTALL128 sshd for privilege separation. See README.privsep for details.
Dconfigure.ac2463 AC_ARG_WITH([privsep-user],
2464 [ --with-privsep-user=user Specify non-privileged user for privilege separation],
2511 AC_DEFINE([SANDBOX_NULL], [1], [no privsep sandboxing])
3498 AC_ARG_WITH([privsep-path],
3499 [ --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)],
Dconfig.h.in1350 /* no privsep sandboxing */
Dconfigure1422 --with-privsep-user=user Specify non-privileged user for privilege separation
1426 --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
/external/openssh/regress/
Dcert-userkey.sh41 for privsep in yes no ; do
42 _prefix="${ktype} privsep $privsep"
48 echo "UsePrivilegeSeparation $privsep"
124 echo "UsePrivilegeSeparation $privsep"
167 for privsep in yes no ; do
168 _prefix="${ktype} privsep $privsep $auth"
173 echo "UsePrivilegeSeparation $privsep"
187 echo "UsePrivilegeSeparation $privsep"
Dcert-hostkey.sh48 for privsep in yes no ; do
50 verbose "$tid: host ${ktype} cert connect privsep $privsep"
55 echo UsePrivilegeSeparation $privsep
90 for privsep in yes no ; do
92 verbose "$tid: host ${ktype} revoked cert privsep $privsep"
97 echo UsePrivilegeSeparation $privsep
DREADME.regress62 connect-privsep.sh: proxy connect with privsep
DMakefile17 connect-privsep \
/external/openssh/contrib/cygwin/
DMakefile50 $(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
DREADME52 /usr/doc/openssh/README.privsep. According to that document the
53 privsep feature requires a non-privileged account called 'sshd'.
66 by yourself, please note that in contrast to the README.privsep document
/external/openssh/contrib/aix/
Dbuildbff.sh226 echo UsePrivilegeSeparation not enabled, privsep directory not required.
/external/openssh/contrib/suse/
Dopenssh.spec141 --with-privsep-path=/var/lib/empty \
/external/openssh/contrib/caldera/
Dopenssh.spec182 --with-privsep-path=%{_var}/empty/sshd \
/external/ipsec-tools/src/racoon/
DMakefile.in81 dnssec.$(OBJEXT) getcertsbyname.$(OBJEXT) privsep.$(OBJEXT) \
520 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/privsep.Po@am__quote@
/external/openssh/contrib/redhat/
Dopenssh.spec199 --with-privsep-path=%{_var}/empty/sshd \