Deprecated option UsePrivilegeSeparation

[laurentL]

Hi, https://www.openssh.com/releasenotes.html OpenSSH 7.5/7.5p1 (2017-03-20) This release includes a number of changes that may affect existing configurations:

• This release deprecates the sshd_config UsePrivilegeSeparation option, thereby making privilege separation mandatory. Privilege separation has been on by default for almost 15 years and sandboxing has been on by default for almost the last five.

UsePrivilegeSeparation must be remove, Impact: impossible to start sshd

[myii]

@laurentL Apologies for the delay, just a quick response here.

https://github.com/saltstack-formulas/openssh-formula/search?q=UsePrivilegeSeparation&unscoped_q=UsePrivilegeSeparation

• It should be possible to change the value of UsePrivilegeSeparation for the time being.

As for the longer term, then we can look at how to remove it without affecting those using older versions of OpenSSH.

[alxwr]

UsePrivilegeSeparation has been an opt-in for quite some time now. https://github.com/saltstack-formulas/openssh-formula/blob/3d2442f3c6eb4ebb46fad8f933d2b5b5b3e6d9e3/openssh/files/default/sshd_config#L90

Unless the administrator explicitly enables it, there is no impact at all.

I agree that we could just remove UsePrivilegeSeparation from this formula.

If existing Pillar data requires it, It will still work via https://github.com/saltstack-formulas/openssh-formula/blob/3d2442f3c6eb4ebb46fad8f933d2b5b5b3e6d9e3/openssh/files/default/sshd_config#L204.

I opened a PR.