- print "\n";
- print " o For System Administrators:\n";
- print "\n";
- print " If you are going to run the GSI-OpenSSH server, we recommend\n";
- print " enabling privilege separation. Although this package supports\n";
- print " this feature, your system appears to require some additional\n";
- print " configuration.\n";
- print "\n";
- print " From the file README.privsep, included as a part of the OpenSSH\n";
- print " distribution:\n";
- print "\n";
- print " When privsep is enabled, during the pre-authentication\n";
- print " phase sshd will chroot(2) to \"/var/empty\" and change its\n";
- print " privileges to the \"sshd\" user and its primary group. sshd\n";
- print " is a pseudo-account that should not be used by other\n";
- print " daemons, and must be locked and should contain a \"nologin\"\n";
- print " or invalid shell.\n";
- print "\n";
- print " You should do something like the following to prepare the\n";
- print " privsep preauth environment:\n";
- print "\n";
- print " \# mkdir /var/empty\n";
- print " \# chown root:sys /var/empty\n";
- print " \# chmod 755 /var/empty\n";
- print " \# groupadd sshd\n";
- print " \# useradd -g sshd -c 'sshd privsep' -d /var/empty \\\n";
- print " -s /bin/false sshd\n";
- print "\n";
- print " /var/empty should not contain any files.\n";