Your message dated Sun, 24 Sep 2017 22:00:37 +0200
with message-id <20170924220037.2be61f48.baptiste@mailoo.org>
and subject line Re: Bug#867134: release-notes: mention OpenSSH UseDNS default change
has caused the Debian Bug report #867134,
regarding release-notes: mention OpenSSH UseDNS default change
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)

--
867134: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=867134
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: release-notes: mention OpenSSH UseDNS default change
- From: Jeremy Volkening <jdv@base2bio.com>
- Date: Mon, 03 Jul 2017 23:12:35 -0500
- Message-id: <20170704041235.27212.7099.reportbug@biobook.bloom180.lan>
Package: release-notes
Severity: important

Dear Maintainer,

The version of OpenSSH server shipping with stretch has a new default
for "UseDNS" which can cause major issues with configurations utilizing
hostname matching. This should be mentioned in the stretch release
notes as it was, for instance, in the Ubuntu Xenial release:

https://wiki.ubuntu.com/XenialXerus/ReleaseNotes#OpenSSH

Further details follow.

After upgrading a headless server from jessie to stretch, I was unable
to log in via SSH. I was eventually able to track this down to the issue
linked above and the fact that I was using the pam_access module along
with hostnames as part of authentication. With the new "UseDNS" default
of "no", the IP addresses were not being reverse resolved to hostnames
and the pam_access rule failed, preventing login. Explicitly adding
"UseDNS yes" to "sshd_config" changed the behavior to the previous
default and restored expected functionality.

The first place I looked when encountering this problem was the stretch
release notes and I believe the change should be mentioned there.

Regards,
Jeremy

-- System Information:
Debian Release: 8.8
APT prefers oldstable-updates
APT policy: (500, 'oldstable-updates'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
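A pre-upgrade check for the situation the report above describes, as an added example that is not part of the bug report or of any Debian tooling: it lists pam_access origins that look like hostnames or domains and flags the case where `sshd_config` does not explicitly set "UseDNS yes". The token classification is a heuristic, and the sample file contents (hosts, networks, user names) are constructed.

```shell
#!/bin/sh
# Added example, not from the bug report. Heuristic check for pam_access
# origins that, per the report, stop matching once sshd passes an IP address.

# Print "token<TAB>rule" for each hostname or .domain origin in an access.conf.
hostname_origins() {
    awk '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        {
            origins = $0
            # Origins follow the second ":" (IPv6 origins contain more colons).
            if (!sub(/^[^:]*:[^:]*:/, "", origins)) next
            n = split(origins, tok, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                t = tok[i]
                if (t == "" || t ~ "^(ALL|LOCAL|EXCEPT|NONE)$") continue
                if (t ~ "^@") continue                # netgroup
                if (t ~ "^[0-9./]+$" || t ~ ":") continue  # IPv4, network, IPv6
                if (t ~ "^(tty|pts/|cron)") continue  # local tty/service names
                print t "\t" $0
            }
        }' "$1"
}

# Print the first UseDNS value in an sshd_config (sshd keeps the first one set).
usedns_value() {
    awk '{ gsub(/=/, " ") }
         tolower($1) == "usedns" { print tolower($2); exit }' "$1"
}

# Return 1 if hostname origins exist and UseDNS is not explicitly "yes".
check_upgrade_risk() {
    hosts=$(hostname_origins "$1")
    [ -z "$hosts" ] && return 0
    [ "$(usedns_value "$2")" = "yes" ] && return 0
    printf 'Needs "UseDNS yes" or address-based origins:\n%s\n' "$hosts"
    return 1
}

# Constructed sample files (hypothetical hosts and networks).
tmp=$(mktemp -d)
cat > "$tmp/access.conf" <<'EOF'
# constructed sample
+ : root : 192.0.2.10 2001:db8::1
+ : alice : bastion.example.org .lab.example.org
- : ALL : ALL EXCEPT LOCAL
EOF
printf '# constructed sample\nPermitRootLogin no\n' > "$tmp/sshd_config"
check_upgrade_risk "$tmp/access.conf" "$tmp/sshd_config" || echo "status: at risk"
```

On a live system, `sshd -T` prints the effective `usedns` value, and the result only matters where pam_access is enabled for sshd.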
--- Begin Message ---
- To: 867134-done@bugs.debian.org
- Cc: Jeremy Volkening <jdv@base2bio.com>
- Subject: Re: Bug#867134: release-notes: mention OpenSSH UseDNS default change
- From: Baptiste Jammet <baptiste@mailoo.org>
- Date: Sun, 24 Sep 2017 22:00:37 +0200
- Message-id: <20170924220037.2be61f48.baptiste@mailoo.org>
- In-reply-to: <20170704041235.27212.7099.reportbug@biobook.bloom180.lan>
- References: <20170704041235.27212.7099.reportbug@biobook.bloom180.lan>
Hello,

Jeremy Volkening wrote, on 03/07/2017:
>The version of OpenSSH server shipping with stretch has a new default
>for "UseDNS" which can cause major issues with configurations utilizing
>hostname matching. This should be mentioned in the stretch release
>notes as it was, for instance, in the Ubuntu Xenial release:
>
>https://wiki.ubuntu.com/XenialXerus/ReleaseNotes#OpenSSH

I used the wording from the Ubuntu release-notes and sent it as r11712.
This should be online in a few hours.

Thanks for the notice.

Baptiste

Attachment: pgpSYDA0JZ5B0.pgp
Description: OpenPGP digital signature
--- End Message ---