
Bug#250369: marked as done (ssh: PasswordAuthentication no should result in UsePAM No on update)



Your message dated Wed, 06 Oct 2004 10:47:10 -0400
with message-id <E1CFD4Q-0001Wa-00@newraff.debian.org>
and subject line Bug#250369: fixed in openssh 1:3.8.1p1-8.sarge.1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 22 May 2004 13:59:54 +0000
>From mh+debian-bugs@zugschlus.de Sat May 22 06:59:54 2004
Return-path: <mh+debian-bugs@zugschlus.de>
Received: from de46d.ipsec0.torres.ka0.zugschlus.de (torres.ka0.zugschlus.de) [212.126.222.70] (Debian-exim)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1BRX2Y-0002Sg-00; Sat, 22 May 2004 06:59:54 -0700
Received: from lefler.int.ka0.zugschlus.de ([192.168.130.38]:32801 helo=darren.int.ka0.zugschlus.de)
	by torres.ka0.zugschlus.de with esmtp (Exim 4.34 (Debian package 4.34-0+1zg1))
	id 1BRX2X-0001pG-50; Sat, 22 May 2004 15:59:53 +0200
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Marc Haber <mh+debian-bugs@zugschlus.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: ssh: PasswordAuthentication no should result in UsePAM No on update
Bcc: Marc Haber <mh+debian-bugs@zugschlus.de>
X-Mailer: reportbug 2.60
Date: Sat, 22 May 2004 15:59:53 +0200
Message-ID: <E1BRX2X-0001pG-50@torres.ka0.zugschlus.de>
Delivered-To: submit@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-7.0 required=4.0 tests=BAYES_00,DATING,HAS_PACKAGE 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Package: ssh
Version: 1:3.8.1p1-3
Severity: normal

Hi,

My woody systems routinely run with PasswordAuthentication No, so that
only ssh keys can be used to log in.

When updating one box to sid for testing purposes, /etc/ssh/sshd_config
was augmented with "UsePAM yes", allowing users to log in using their
password. This went unnoticed, unwarned and might introduce a security
risk.

Please consider setting "UsePAM no" on systems that have
"PasswordAuthentication No" set on update.

Greetings
Marc

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.26-zgserver
Locale: LANG=C, LC_CTYPE=C

Versions of packages ssh depends on:
ii  adduser                     3.53         Add and remove users and groups
ii  debconf                     1.4.25       Debian configuration management sy
ii  dpkg                        1.10.21      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-12 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-21      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-21      Runtime support for the PAM librar
ii  libpam0g                    0.76-21      Pluggable Authentication Modules l
ii  libssl0.9.7                 0.9.7d-2     SSL shared libraries
ii  libwrap0                    7.6.dbs-3    Wietse Venema's TCP wrappers libra
ii  zlib1g                      1:1.2.1.1-3  compression library - runtime

-- debconf information excluded

---------------------------------------
Received: (at 250369-close) by bugs.debian.org; 6 Oct 2004 14:53:02 +0000
>From katie@ftp-master.debian.org Wed Oct 06 07:53:02 2004
Return-path: <katie@ftp-master.debian.org>
Received: from newraff.debian.org [208.185.25.31] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1CFDA6-0007JC-00; Wed, 06 Oct 2004 07:53:02 -0700
Received: from katie by newraff.debian.org with local (Exim 3.35 1 (Debian))
	id 1CFD4Q-0001Wa-00; Wed, 06 Oct 2004 10:47:10 -0400
From: Colin Watson <cjwatson@debian.org>
To: 250369-close@bugs.debian.org
X-Katie: $Revision: 1.51 $
Subject: Bug#250369: fixed in openssh 1:3.8.1p1-8.sarge.1
Message-Id: <E1CFD4Q-0001Wa-00@newraff.debian.org>
Sender: Archive Administrator <katie@ftp-master.debian.org>
Date: Wed, 06 Oct 2004 10:47:10 -0400
Delivered-To: 250369-close@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_25 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER 
	autolearn=no version=2.60-bugs.debian.org_2004_03_25
X-Spam-Level: 

Source: openssh
Source-Version: 1:3.8.1p1-8.sarge.1

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_3.8.1p1-8.sarge.1_powerpc.udeb
  to pool/main/o/openssh/openssh-client-udeb_3.8.1p1-8.sarge.1_powerpc.udeb
openssh-server-udeb_3.8.1p1-8.sarge.1_powerpc.udeb
  to pool/main/o/openssh/openssh-server-udeb_3.8.1p1-8.sarge.1_powerpc.udeb
openssh_3.8.1p1-8.sarge.1.diff.gz
  to pool/main/o/openssh/openssh_3.8.1p1-8.sarge.1.diff.gz
openssh_3.8.1p1-8.sarge.1.dsc
  to pool/main/o/openssh/openssh_3.8.1p1-8.sarge.1.dsc
ssh-askpass-gnome_3.8.1p1-8.sarge.1_powerpc.deb
  to pool/main/o/openssh/ssh-askpass-gnome_3.8.1p1-8.sarge.1_powerpc.deb
ssh_3.8.1p1-8.sarge.1_powerpc.deb
  to pool/main/o/openssh/ssh_3.8.1p1-8.sarge.1_powerpc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 250369@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Wed,  6 Oct 2004 14:21:55 +0100
Source: openssh
Binary: ssh-askpass-gnome openssh-client-udeb ssh openssh-server-udeb
Architecture: source powerpc
Version: 1:3.8.1p1-8.sarge.1
Distribution: unstable
Urgency: high
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client-udeb - Secure shell client for the Debian installer (udeb)
 openssh-server-udeb - Secure shell server for the Debian installer (udeb)
 ssh        - Secure rlogin/rsh/rcp replacement (OpenSSH)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 250369
Changes: 
 openssh (1:3.8.1p1-8.sarge.1) unstable; urgency=high
 .
   * If PasswordAuthentication is disabled, then offer to disable
     ChallengeResponseAuthentication too. The current PAM code will attempt
     password-style authentication if ChallengeResponseAuthentication is
     enabled (closes: #250369).
   * This will ask a question of anyone who installed fresh with 1:3.8p1-2 or
     later and then upgraded. Sorry about that ... for this reason, the
     default answer is to leave ChallengeResponseAuthentication enabled.
Files: 
 d63e92da131d6df7049e9505010c9cc1 906 net standard openssh_3.8.1p1-8.sarge.1.dsc
 626617d98ba24152288e8c051a2a7857 148915 net standard openssh_3.8.1p1-8.sarge.1.diff.gz
 321b4b50d4ba08aa63142bd7dd6127fd 734088 net standard ssh_3.8.1p1-8.sarge.1_powerpc.deb
 6fa176b76ae58fa6559506df86a6b2d4 52304 gnome optional ssh-askpass-gnome_3.8.1p1-8.sarge.1_powerpc.deb
 ed919e75de9e9c84bf3b3d83c68b3a44 151086 debian-installer optional openssh-client-udeb_3.8.1p1-8.sarge.1_powerpc.udeb
 f6037c18a80469eaf70571133f8995b2 160060 debian-installer optional openssh-server-udeb_3.8.1p1-8.sarge.1_powerpc.udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Colin Watson <cjwatson@debian.org> -- Debian developer

iD8DBQFBY/vp9t0zAhD6TNERAtdhAJ9bu1VapW3fNFQB5zXxFCJUBNpIYgCfcX0z
HwytYYrAEqeCEyKEeExgnVk=
=qon2
-----END PGP SIGNATURE-----
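
The changelog entry above describes a configuration in which PasswordAuthentication is disabled but PAM still attempts password-style authentication because ChallengeResponseAuthentication is enabled. The script below is an added example, not part of the original messages and not Debian's maintainer script; it audits an sshd_config for that combination. The function names, the sample files and the defaults it assumes (PasswordAuthentication yes, ChallengeResponseAuthentication yes, UsePAM no) belong to this example.

```shell
#!/bin/sh
# Added example: flag an sshd_config where key-only login is intended but
# PAM can still run a password-style challenge-response exchange.

# effective_value FILE KEYWORD DEFAULT
# Keywords are case-insensitive and sshd uses the first value it reads.
# Only the global section (before any Match line) is considered; the value
# is lowercased for comparison, which is a simplification of this example.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        /^[ \t]*(#|$)/ { next }                  # skip comments and blanks
        tolower($1) == "match" { exit }
        tolower($1) == key { print tolower($2); found = 1; exit }
        END { if (!found) print def }
    ' "$1"
}

# audit_sshd_config FILE: prints RISK or OK.
# The defaults passed here are assumptions; adjust them to your build.
audit_sshd_config() {
    pw=$(effective_value "$1" PasswordAuthentication yes)
    cr=$(effective_value "$1" ChallengeResponseAuthentication yes)
    pam=$(effective_value "$1" UsePAM no)
    if [ "$pw" = no ] && [ "$cr" = yes ] && [ "$pam" = yes ]; then
        echo RISK
    else
        echo OK
    fi
}

# write_samples DIR: constructed configs, not taken from any real host.
write_samples() {
    # State after the upgrade described in the report.
    printf '%s\n' 'PasswordAuthentication no' 'UsePAM yes' > "$1/upgraded.conf"
    # State after accepting the offer described in the changelog.
    printf '%s\n' 'PasswordAuthentication no' \
        'ChallengeResponseAuthentication no' 'UsePAM yes' > "$1/fixed.conf"
    # A later "no" does not help: the first occurrence wins.
    printf '%s\n' 'passwordauthentication no' \
        'ChallengeResponseAuthentication yes' \
        'ChallengeResponseAuthentication no' 'UsePAM yes' > "$1/shadowed.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in upgraded fixed shadowed; do
    printf '%s: %s\n' "$f" "$(audit_sshd_config "$demo_dir/$f.conf")"
done
rm -rf "$demo_dir"
```

To check a real host, call `audit_sshd_config /etc/ssh/sshd_config` after sourcing the functions; Match blocks and included files are outside what this example inspects.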



