Bug#366541: openssh-server: [security] use /bin/nologin instead of /bin/false

To: Jari Aalto <jari.aalto@cante.net>, 366541@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Bug#366541: openssh-server: [security] use /bin/nologin instead of /bin/false
From: Colin Watson <cjwatson@debian.org>
Date: Fri, 14 Jul 2006 17:08:35 +0100
Message-id: <[🔎] 20060714160835.GY16866@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 366541@bugs.debian.org
In-reply-to: <20060509153000.15968.4151.reportbug@cante>
References: <20060509153000.15968.4151.reportbug@cante>

tags 366541 pending
thanks

On Tue, May 09, 2006 at 06:30:00PM +0300, Jari Aalto wrote:
> Package: openssh-server
> Version: 1:4.2p1-8
> Severity: normal
> Tags: security
> 
> The /etc/passwd contains entry:
> 
>   sshd:x:101:65534::/var/run/sshd:/bin/false
> 
> SUGGESTION
> 
> The new login package includes /bin/nologin wich would be more secure, 
> because it leaves trace to syslog after login attemps.

(/usr/sbin/nologin, after an extensive discussion.)

Thanks for the suggestion; I've made this change in my local openssh
tree for my next upload.

Cheers,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

Follow-Ups:
- Processed: Re: Bug#366541: openssh-server: [security] use /bin/nologin instead of /bin/false
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Bug#352589: patch
Next by Date: Processed: Re: Bug#366541: openssh-server: [security] use /bin/nologin instead of /bin/false
Previous by thread: Bug#352589: patch
Next by thread: Processed: Re: Bug#366541: openssh-server: [security] use /bin/nologin instead of /bin/false
Index(es):
- Date
- Thread