From 5080bfbee2cdad287c3edfb9a4216f1bb07c3c9f Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Mon, 8 Apr 2019 19:13:21 +0200
Subject: [PATCH] basessh: sandbox privsep is not supported on el6

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 roles/basessh/templates/sshd_config | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/roles/basessh/templates/sshd_config b/roles/basessh/templates/sshd_config
index 60bb84ac91..ad01f909d4 100644
--- a/roles/basessh/templates/sshd_config
+++ b/roles/basessh/templates/sshd_config
@@ -31,7 +31,11 @@ AllowAgentForwarding no
 X11Forwarding no
 PermitTunnel no
 
+{% if ansible_distribution_major_version == "6" %}
+UsePrivilegeSeparation yes
+{% else %}
 UsePrivilegeSeparation sandbox
+{% endif %}
 
 # Accept locale-related environment
 AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES