[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#366541: openssh-server: [security] use /bin/nologin instead of /bin/false

Package: openssh-server
Version: 1:4.2p1-8
Severity: normal
Tags: security

The /etc/passwd contains entry:

  sshd:x:101:65534::/var/run/sshd:/bin/false

SUGGESTION

The new login package includes /bin/nologin wich would be more secure, 
because it leaves trace to syslog after login attemps.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.16-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)

Versions of packages openssh-server depends on:
ii  adduser       3.87                       Add and remove users and groups
ii  debconf [debc 1.5.0                      Debian configuration management sy
ii  dpkg          1.13.19                    package maintenance system for Deb
ii  libc6         2.3.6-7                    GNU C Library: Shared libraries
ii  libcomerr2    1.38+1.39-WIP-2006.04.09-1 common error description library
ii  libkrb53      1.4.3-7                    MIT Kerberos runtime libraries
ii  libpam-module 0.79-3.1                   Pluggable Authentication Modules f
ii  libpam-runtim 0.79-3.1                   Runtime support for the PAM librar
ii  libpam0g      0.79-3.1                   Pluggable Authentication Modules l
ii  libselinux1   1.30-1                     SELinux shared libraries
ii  libssl0.9.8   0.9.8a-8                   SSL shared libraries
ii  libwrap0      7.6.dbs-9                  Wietse Venema's TCP wrappers libra
ii  openssh-clien 1:4.2p1-8                  Secure shell client, an rlogin/rsh
ii  zlib1g        1:1.2.3-11                 compression library - runtime

openssh-server recommends no packages.

-- debconf information excluded
Reply to: