[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#236810: marked as done (ssh: sshd_config: disable PasswordAuthentication if UsePAM?)



Your message dated Wed, 10 Mar 2004 06:02:04 -0500
with message-id <E1B11TQ-0003bY-00@newraff.debian.org>
and subject line Bug#236810: fixed in openssh 1:3.8p1-2
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 8 Mar 2004 14:02:06 +0000
>From Mario.Holbe@rz.tu-ilmenau.de Mon Mar 08 06:02:06 2004
Return-path: <Mario.Holbe@rz.tu-ilmenau.de>
Received: from piggy.rz.tu-ilmenau.de [141.24.4.8] 
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1B0LKX-0001np-00; Mon, 08 Mar 2004 06:02:06 -0800
Received: from gate.22.kls.lan (vpn2.rz.tu-ilmenau.de [141.24.172.2])
	by piggy.rz.tu-ilmenau.de (8.12.10/8.12.10) with ESMTP id i28E1um9021253
	for finalrecipients; Mon, 8 Mar 2004 15:02:03 +0100 (MET)
Received: from darkside.22.kls.lan (root@darkside.22.kls.lan [192.168.22.1])
	by gate.22.kls.lan (8.12.11.Beta0/8.12.11.Beta0) with ESMTP id i28E1uxP023764
	for <submit@bugs.debian.org>; Mon, 8 Mar 2004 15:01:56 +0100
Received: from darkside.22.kls.lan (holbe@localhost [127.0.0.1])
	by darkside.22.kls.lan (8.12.11/8.12.11) with ESMTP id i28E1tWN030583
	for <submit@bugs.debian.org>; Mon, 8 Mar 2004 15:01:55 +0100
Received: (from holbe@localhost)
	by darkside.22.kls.lan (8.12.11/8.12.11) id i28E1tC2030581
	for submit@bugs.debian.org; Mon, 8 Mar 2004 15:01:55 +0100
Date: Mon, 8 Mar 2004 15:01:54 +0100
From: "Mario 'BitKoenig' Holbe" <Mario.Holbe@RZ.TU-Ilmenau.DE>
To: submit@bugs.debian.org
Subject: ssh: sshd_config: disable PasswordAuthentication if UsePAM?
Message-ID: <[🔎] 20040308140154.GA8084@darkside.22.kls.lan>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.5.1+cvs20040105i
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_08 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.0 required=4.0 tests=HAS_PACKAGE autolearn=no 
	version=2.60-bugs.debian.org_2004_03_08
X-Spam-Level: 

Package: ssh
Version: 1:3.8p1-1

Hello,

man sshd_config points out:
  UsePAM  Enables PAM authentication (via challenge-response) and session
          set up.  If you enable this, you should probably disable
          PasswordAuthentication.  If you enable then you will not be able
          to run sshd as a non-root user.  The default is ``no''.

Since the debian package defaults to `UsePAM yes' and since
there seems to be no `PAMAuthenticationViaKbdInt no' anymore,
could you probably think about defaulting to `PasswordAuthentication no'
too (maybe one nearby the other)?


regards,
   Mario
-- 
<jv> Oh well, config
<jv> one actually wonders what force in the universe is holding it
<jv> and makes it working
<Beeth> chances and accidents :)

---------------------------------------
Received: (at 236810-close) by bugs.debian.org; 10 Mar 2004 11:08:02 +0000
>From katie@ftp-master.debian.org Wed Mar 10 03:08:02 2004
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1B11ZC-0004N7-00; Wed, 10 Mar 2004 03:08:02 -0800
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1B11TQ-0003bY-00; Wed, 10 Mar 2004 06:02:04 -0500
From: Colin Watson <cjwatson@debian.org>
To: 236810-close@bugs.debian.org
X-Katie: $Revision: 1.44 $
Subject: Bug#236810: fixed in openssh 1:3.8p1-2
Message-Id: <E1B11TQ-0003bY-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Wed, 10 Mar 2004 06:02:04 -0500
Delivered-To: 236810-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_08 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-3.0 required=4.0 tests=HAS_BUG_NUMBER autolearn=no 
	version=2.60-bugs.debian.org_2004_03_08
X-Spam-Level: 

Source: openssh
Source-Version: 1:3.8p1-2

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh_3.8p1-2.diff.gz
  to pool/main/o/openssh/openssh_3.8p1-2.diff.gz
openssh_3.8p1-2.dsc
  to pool/main/o/openssh/openssh_3.8p1-2.dsc
ssh-askpass-gnome_3.8p1-2_powerpc.deb
  to pool/main/o/openssh/ssh-askpass-gnome_3.8p1-2_powerpc.deb
ssh_3.8p1-2_powerpc.deb
  to pool/main/o/openssh/ssh_3.8p1-2_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 236810@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed, 10 Mar 2004 10:33:07 +0000
Source: openssh
Binary: ssh-askpass-gnome ssh
Architecture: source powerpc
Version: 1:3.8p1-2
Distribution: unstable
Urgency: medium
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 ssh        - Secure rlogin/rsh/rcp replacement (OpenSSH)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 236810 237021
Changes: 
 openssh (1:3.8p1-2) unstable; urgency=medium
 .
   * Disable PasswordAuthentication for new installations (closes: #236810).
   * Turn off the new ForwardX11Trusted by default, returning to the
     semantics of 3.7 and earlier, since it seems immature and causes far too
     many problems with existing setups. See README.Debian for details
     (closes: #237021).
Files: 
 483f857b358f4a965858dc6b91f9515a 842 net standard openssh_3.8p1-2.dsc
 62059d8b0bfacd5be1d38a99a73bd99e 123015 net standard openssh_3.8p1-2.diff.gz
 52536556e6fc96cf604b17f926880d35 759342 net standard ssh_3.8p1-2_powerpc.deb
 a46b505f3f3da3f74a87848efa551d8d 55960 gnome optional ssh-askpass-gnome_3.8p1-2_powerpc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFATvIA9t0zAhD6TNERAlJMAJ9PnX0WORT/2bXC3+mF3/itZ+aF0ACfR+1g
HUJiD+rejgcEUdY2gXgAQhI=
=rjfZ
-----END PGP SIGNATURE-----




Reply to: