The SUSE operating system SSH daemon must use privilege separation.
An XCCDF Rule
Description
SSH daemon privilege separation causes the SSH process to drop root privileges when not needed, which would decrease the impact of software vulnerabilities in the unprivileged section.
- ID
- SV-217278r991589_rule
- Version
- SLES-12-030240
- Severity
- Medium
- References
- Updated
Remediation Templates
A Manual Procedure
Configure the SUSE operating system SSH daemon is configured to use privilege separation.
Uncomment the "UsePrivilegeSeparation" keyword in "/etc/ssh/sshd_config" and set the value to "yes" or "sandbox":
UsePrivilegeSeparation yes