Bug#314289: openssh-server: The bug is caused by mismatch between PAM service in code and filesystem

To: Debian Bug Tracking System <314289@bugs.debian.org>
Subject: Bug#314289: openssh-server: The bug is caused by mismatch between PAM service in code and filesystem
From: Jan Hudec <bulb@ucw.cz>
Date: Thu, 7 Jul 2005 18:06:58 +0200
Message-id: <[🔎] 20050707160658.GA31440@vagabond>
Reply-to: Jan Hudec <bulb@ucw.cz>, 314289@bugs.debian.org

Package: openssh-server
Version: 1:4.1p1-5
Followup-For: Bug #314289
Tags: patch

While ssh server invokes PAM for service "sshd", the provided PAM config
is /etc/pam.d/ssh. So PAM does NOT load it, and depending on level of
paranoia of the default setting either authenticates the user or not.

Lines like this showed up in my log:
Jul  7 17:47:41 vagabond PAM-warn[30881]: function=[pam_sm_acct_mgmt] service=[sshd] terminal=[ssh] user=[root] ruser=[<unknown>] rhost=[localhost]

And creating a symlink:
ln -s /etc/pam.d/ssh /etc/pam.d/sshd

fixed the problem for me.

There are three possible fixes for the package:

1) Find the serivce name and replace it with "ssh".
2) Provide the link above (mostly a quick-hack)
3) Provide /etc/pam.d/sshd instead of /etc/pam.d/ssh and provide
   a pre-inst to copy over the old contents.

Note: I am trying to tag this bug with patch, because "other easy
procedure for fixing the bug is included".

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (100, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.10
Locale: LANG=C, LC_CTYPE=cs_CZ (charmap=ISO-8859-2)

Versions of packages openssh-server depends on:
ii  adduser                     3.64         Add and remove users and groups
ii  debconf [debconf-2.0]       1.4.51       Debian configuration management sy
ii  dpkg                        1.13.10      Package maintenance system for Deb
ii  libc6                       2.3.2.ds1-22 GNU C Library: Shared libraries an
ii  libpam-modules              0.76-22      Pluggable Authentication Modules f
ii  libpam-runtime              0.76-22      Runtime support for the PAM librar
ii  libpam0g                    0.76-22      Pluggable Authentication Modules l
ii  libselinux1                 1.24-1       SELinux shared libraries
ii  libssl0.9.7                 0.9.7g-1     SSL shared libraries
ii  libwrap0                    7.6.dbs-8    Wietse Venema's TCP wrappers libra
ii  openssh-client              1:4.1p1-5    Secure shell client, an rlogin/rsh
ii  zlib1g                      1:1.2.2-6    compression library - runtime

openssh-server recommends no packages.

-- debconf information:
  ssh/insecure_rshd:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:
-------------------------------------------------------------------------------
						 Jan 'Bulb' Hudec <bulb@ucw.cz>

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Bug#314289: openssh-server: The bug is caused by mismatch between PAM service in code and filesystem
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Bug#73611: Take the office with you where ever you go...
Next by Date: Bug#314289: openssh-server: The bug is caused by mismatch between PAM service in code and filesystem
Previous by thread: Bug#73611: Take the office with you where ever you go...
Next by thread: Bug#314289: openssh-server: The bug is caused by mismatch between PAM service in code and filesystem
Index(es):
- Date
- Thread