diff --git a/packages/network/openssh/package.mk b/packages/network/openssh/package.mk
index b12690e375..41d77eb4cd 100644
--- a/packages/network/openssh/package.mk
+++ b/packages/network/openssh/package.mk
@@ -41,6 +41,7 @@ PKG_CONFIGURE_OPTS_TARGET="--sysconfdir=/etc/ssh \
                            --disable-wtmpx \
                            --without-rpath \
                            --with-ssl-engine \
+                           --with-privsep-user=nobody \
                            --disable-pututline \
                            --disable-pututxline \
                            --disable-etc-default-login \
@@ -64,7 +65,6 @@ post_makeinstall_target() {
 
   sed -e "s|^#PermitRootLogin.*|PermitRootLogin yes|g" \
       -e "s|^#StrictModes.*|StrictModes no|g" \
-      -e "s|^#UsePrivilegeSeparation.*|UsePrivilegeSeparation no|g" \
       -i $INSTALL/etc/ssh/sshd_config
 
   echo "PubkeyAcceptedKeyTypes +ssh-dss" >> $INSTALL/etc/ssh/sshd_config
diff --git a/packages/network/openssh/tmpfiles.d/z_04_openssh.conf b/packages/network/openssh/tmpfiles.d/z_04_openssh.conf
index a6212d7ac2..02eb3fb85c 100644
--- a/packages/network/openssh/tmpfiles.d/z_04_openssh.conf
+++ b/packages/network/openssh/tmpfiles.d/z_04_openssh.conf
@@ -16,5 +16,6 @@
 #  along with OpenELEC.  If not, see <http://www.gnu.org/licenses/>.
 ################################################################################
 
+d    /var/empty              0600 root root - -
 d    /storage/.cache/ssh     0755 root root - -
 d    /storage/.ssh           0700 root root - -