upstream commit

author sobrado@openbsd.org <sobrado@openbsd.org>

Wed, 7 Oct 2015 14:45:30 +0000 (14:45 +0000)

committer Damien Miller <djm@mindrot.org>

Wed, 7 Oct 2015 17:01:05 +0000 (04:01 +1100)
author sobrado@openbsd.org <sobrado@openbsd.org>
Wed, 7 Oct 2015 14:45:30 +0000 (14:45 +0000)
committer Damien Miller <djm@mindrot.org>
Wed, 7 Oct 2015 17:01:05 +0000 (04:01 +1100)
diff --git a/sshd_config.5 b/sshd_config.5

index cd3b5cfe35f7c353e0a9afff09f5b8daed661c3a..149dc7e14080fd100a03e2c79a5435edf1baac44 100644 (file)
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,8 +33,8 @@
  .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  .\"
-.\" $OpenBSD: sshd_config.5,v 1.212 2015/09/11 03:13:36 djm Exp $
-.Dd $Mdocdate: September 11 2015 $
+.\" $OpenBSD: sshd_config.5,v 1.213 2015/10/07 14:45:30 sobrado Exp $
+.Dd $Mdocdate: October 7 2015 $
  .Dt SSHD_CONFIG 5
  .Os
  .Sh NAME
@@ -1587,14 +1587,19 @@ After successful authentication, another process will be created that has
  the privilege of the authenticated user.
  The goal of privilege separation is to prevent privilege
  escalation by containing any corruption within the unprivileged processes.
-The default is
-.Dq yes .
+The argument must be
+.Dq yes ,
+.Dq no ,
+or
+.Dq sandbox .
  If
  .Cm UsePrivilegeSeparation
  is set to
  .Dq sandbox
  then the pre-authentication unprivileged process is subject to additional
  restrictions.
+The default is
+.Dq sandbox .
  .It Cm VersionAddendum
  Optionally specifies additional text to append to the SSH protocol banner
  sent by the server upon connection.
author	sobrado@openbsd.org <sobrado@openbsd.org>
	Wed, 7 Oct 2015 14:45:30 +0000 (14:45 +0000)
committer	Damien Miller <djm@mindrot.org>
	Wed, 7 Oct 2015 17:01:05 +0000 (04:01 +1100)