4.2.9 Configuring SSH - set privilege separation

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

View Next Audit Version


The recommendation is to edit the /etc/ssh/sshd_config file to ensure that privilege separation is enabled.

Setting privilege separation helps to secure remote ssh access. Once a user is authenticated the sshd daemon creates a child process which has the privileges of the authenticated user and this then handles incoming network traffic. The aim of this is to prevent privilege escalation through the initial root process.


Edit the /etc/ssh/sshd_config file to ensure that privilege separation is enabled-

vi /etc/ssh/sshd_config


UsePrivilegeSeparation no


UsePrivilegeSeparation yes

Re-cycle the sshd daemon to pick up the configuration changes-

stopsrc -s sshd
startsrc -s sshd

See Also