From 28381df8f53a82ba54997f5708d6edabb0817648 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@freedombone.net>
Date: Thu, 29 Jun 2017 13:47:22 +0100
Subject: [PATCH] Ensure privilege separation exists

---
 src/freedombone-utils-ssh | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/freedombone-utils-ssh b/src/freedombone-utils-ssh
index 274ebd04..9e35d088 100755
--- a/src/freedombone-utils-ssh
+++ b/src/freedombone-utils-ssh
@@ -115,6 +115,9 @@ function configure_ssh {
         echo "KexAlgorithms $SSH_KEX" >> /etc/ssh/sshd_config
     fi
     sed -i "s|#KexAlgorithms $SSH_KEX|KexAlgorithms $SSH_KEX|g" /etc/ssh/sshd_config
+    if ! grep -q 'UsePrivilegeSeparation' /etc/ssh/sshd_config; then
+        echo 'UsePrivilegeSeparation sandbox' >> /etc/ssh/sshd_config
+    fi
     sed -i 's|#UsePrivilegeSeparation .*|UsePrivilegeSeparation sandbox|g' /etc/ssh/sshd_config
     sed -i 's|UsePrivilegeSeparation .*|UsePrivilegeSeparation sandbox|g' /etc/ssh/sshd_config