From 7438e6ffc35186cb603d0fdaf8e51432a5cf5bcd Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Mon, 19 Jun 2017 10:57:54 +0100
Subject: [PATCH] Use kernel sandbox for ssh

---
 src/freedombone-utils-ssh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/freedombone-utils-ssh b/src/freedombone-utils-ssh
index 780d0ed7..c92f2e66 100755
--- a/src/freedombone-utils-ssh
+++ b/src/freedombone-utils-ssh
@@ -88,6 +88,8 @@ function configure_ssh {
         echo "KexAlgorithms $SSH_KEX" >> /etc/ssh/sshd_config
     fi
     sed -i "s|#KexAlgorithms $SSH_KEX|KexAlgorithms $SSH_KEX|g" /etc/ssh/sshd_config
+    sed -i 's|#UsePrivilegeSeparation .*|UsePrivilegeSeparation sandbox|g' /etc/ssh/sshd_config
+    sed -i 's|UsePrivilegeSeparation .*|UsePrivilegeSeparation sandbox|g' /etc/ssh/sshd_config
 
     apt-get -yq install fail2ban vim-common