[Matthew, Colin - I suspect you're on debian-security anyway. If so, no need to reply off-list; I just wanted to make sure you see this, since I considered filing a bug about this.] Hi, Package: ssh Version: 1:3.8p1-3 Tags: bug-not-filed I have a cople of issues with UsePam in ssh. First, it seems to always enable PasswordAuthentication. All my systems have 'PasswordAuthentication no' and 'PubkeyAuthentication yes', so I was very surprised when I was prompted for a password trying to login to one of the systems, to an account with an outdated authorized_keys file. Investigation showed that 'UsePam yes' is causing this behaviour (i.e. 'UsePam no' turns off PasswordAuthentication). IMHO this is quite a bug, as I rely on the fact that 'PasswordAuthentication no' disables password authentication. But of course, having to disable pam has a big drawback: the pam_env module is not loaded anymore :-( I can see how PubkeyAuthentication and pam could conflict, but is there no way to work around this? And, for the short term, what is the 'official' suggested way to read /etc/environment? IIRC it is not really recommended to just source it in /etc/profile (all users have $SHELL == bash.) Preferably in a way that does not blindly read /etc/environment when pam_env *was* loaded. greetings -- vbi -- Lieber schlau in die Bluse schau'n, als dumm in die Wäsche gucken!
Attachment:
pgpWwHNdwcM6W.pgp
Description: signature