Bug#314289: openssh-server: The bug is caused by mismatch between PAM service in code and filesystem

Thu, 07 Jul 2005 09:23:10 -0700 

Package: openssh-server
Version: 1:4.1p1-5
Followup-For: Bug #314289
Tags: patch

While ssh server invokes PAM for service "sshd", the provided PAM config
is /etc/pam.d/ssh. So PAM does NOT load it, and depending on level of
paranoia of the default setting either authenticates the user or not.

Lines like this showed up in my log:
Jul  7 17:47:41 vagabond PAM-warn[30881]: function=[pam_sm_acct_mgmt] 
service=[sshd] terminal=[ssh] user=[root] ruser=[<unknown>] rhost=[localhost]

And creating a symlink:
ln -s /etc/pam.d/ssh /etc/pam.d/sshd

fixed the problem for me.

There are three possible fixes for the package:

1) Find the serivce name and replace it with "ssh".
2) Provide the link above (mostly a quick-hack)
3) Provide /etc/pam.d/sshd instead of /etc/pam.d/ssh and provide
   a pre-inst to copy over the old contents.

Note: I am trying to tag this bug with patch, because "other easy
procedure for fixing the bug is included".

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (100, 
'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.10
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=ISO-8859-2)

Versions of packages openssh-server depends on:
ii  adduser                     3.64         Add and remove users and groups
ii  debconf [debconf-2.0]       1.4.51       Debian configuration management sy
ii  dpkg                        1.13.10      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-22      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-22      Runtime support for the PAM librar
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
ii  libselinux1                 1.24-1       SELinux shared libraries
ii  libssl0.9.7                 0.9.7g-1     SSL shared libraries
ii  libwrap0                    7.6.dbs-8    Wietse Venema's TCP wrappers libra
ii  openssh-client              1:4.1p1-5    Secure shell client, an rlogin/rsh
ii  zlib1g                      1:1.2.2-6    compression library - runtime

openssh-server recommends no packages.

-- debconf information:
  ssh/insecure_rshd:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:
-------------------------------------------------------------------------------
                                                 Jan 'Bulb' Hudec <[EMAIL 
PROTECTED]>

Attachment: signature.asc
Description: Digital signature

Reply via email to