The openssh privilege separation (privsep) works by chrooting a forked and unprivileged sshd process; a process owned by a user with a restricted home directory, and no login shell. The recommendation by the author of privsep [1], and by openssh [2], is to use /var/empty, with permissions 0755, owned by root:root (or similar group). The openssh package in Slackware is indeed compiled with the --with-privsep-path=/var/empty option, and the directory /var/empty exists with correct ownership and permissions. However, examining the user sshd in /etc/passwd, the home directory is set to system root (/), not to /var/empty. Considering that UsePrivilegeSeparation sandbox is now a default setting, and provided that setting chroot to / it is not an oversight, what might be the reasoning behind it?

[1] http://citi.umich.edu/u/provos/ssh/privsep-faq.html
[2] /usr/doc/openssh-7.1p2/README.privsep

I think this might be that once you have chrooted then / is the same as /var/empty, if you set it to /var/empty then you would end up with /var/empty/var/empty, I seem to remember having similar confusion setting up chrooted sftp access once.

I don't know the reasoning behind it, but I'm asking myself if that really matters something, as long as the sshd user actually has a /bin/false shell (so he never log in into his $HOME) and the configure option for --with-privsep-path already contains the correct directory.
maybe it's me but I can't see anything contradicting how the thing work as explained in [2], but it could be also it's friday, I'm a little tired and I'm missing something...

The home directory of the sshd account is not used. In sshd.c, line 636 or so,
sshd chroot()'s to the hardcoded directory given by --with-privsep-path and then calls chdir("/") regardless of what /etc/passwd contains.

3 members found this post helpful.

Thank you all for your answers, and especially Petri. I'm marking the thread as [SOLVED].