Control: reassign 1038151 openssh-client On Wed, Jun 18, 2025 at 11:04:05AM +0100, Colin Watson wrote: > On Wed, Jun 18, 2025 at 10:28:41AM +0100, Simon McVittie wrote: > > On Fri, 16 Jun 2023 at 02:43:29 +0200, Alban Browaeys wrote: > > > I cannot login anymore via ssh. > > > I have the openemediavault installed on this box to manage the setup and > > > it set AllowGroups to "root ssh" in /etc/ssh/sshd_config. > > ... > > > After the request from a user to rename the "ssh" group to free it for its > > > own use, the "ssh" group was rename to "_ssh" in > > > https://salsa.debian.org/ssh-team/openssh/-/commit/18da782ebe789d0cf107a550e474ba6352e68911 > > > > > > But other users as in > > > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990456#35 or tools to > > > manage Debian have come to rely on this "ssh" group. > > > > I believe the openssh maintainers' position on this would be that the > > ssh group was never intended to have ordinary users added to it, and > > therefore this would be a bug in "openemediavault", which seems to be > > third-party software that is not included in Debian? > > This is correct. I 100% intended the group to be for internal use only. > > I agree with the sentiment of this bug that it perhaps would have been worth > documenting in the release notes, but I didn't have time; and since > bookworm's release is now receding in the rear-view mirror, perhaps this has > been overtaken by events? It's probably still worth documenting somewhere, > although as you say: > > > Unfortunately, /etc/group doesn't have a mechanism for pointing to > > documentation about the intended purpose of a group, so it's easy for a > > sysadmin or a piece of third-party software to start using a group for > > an unintended purpose, and I think that's what has happened here. > > ... so I don't know exactly where.
I agree it should not be in trixie's release notes. As this is now mostly an openssh "issue", I'm reassigning it. Maybe it should be in openssh-client's README.Debian? Chris
