
Bug#366541: marked as done (openssh-server: [security] use /bin/nologin instead of /bin/false)



Your message dated Thu, 27 Jul 2006 01:17:08 -0700
with message-id <E1G613M-0000Vk-2O@spohr.debian.org>
and subject line Bug#366541: fixed in openssh 1:4.3p2-3
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: openssh-server
Version: 1:4.2p1-8
Severity: normal
Tags: security

The /etc/passwd contains entry:

  sshd:x:101:65534::/var/run/sshd:/bin/false

SUGGESTION

The new login package includes /bin/nologin which would be more secure, 
because it leaves a trace in syslog after login attempts.

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/dash
Kernel: Linux 2.6.16-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)

Versions of packages openssh-server depends on:
ii  adduser       3.87                       Add and remove users and groups
ii  debconf [debc 1.5.0                      Debian configuration management sy
ii  dpkg          1.13.19                    package maintenance system for Deb
ii  libc6         2.3.6-7                    GNU C Library: Shared libraries
ii  libcomerr2    1.38+1.39-WIP-2006.04.09-1 common error description library
ii  libkrb53      1.4.3-7                    MIT Kerberos runtime libraries
ii  libpam-module 0.79-3.1                   Pluggable Authentication Modules f
ii  libpam-runtim 0.79-3.1                   Runtime support for the PAM librar
ii  libpam0g      0.79-3.1                   Pluggable Authentication Modules l
ii  libselinux1   1.30-1                     SELinux shared libraries
ii  libssl0.9.8   0.9.8a-8                   SSL shared libraries
ii  libwrap0      7.6.dbs-9                  Wietse Venema's TCP wrappers libra
ii  openssh-clien 1:4.2p1-8                  Secure shell client, an rlogin/rsh
ii  zlib1g        1:1.2.3-11                 compression library - runtime

openssh-server recommends no packages.

-- debconf information excluded


--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:4.3p2-3

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:

openssh-client-udeb_4.3p2-3_powerpc.udeb
  to pool/main/o/openssh/openssh-client-udeb_4.3p2-3_powerpc.udeb
openssh-client_4.3p2-3_powerpc.deb
  to pool/main/o/openssh/openssh-client_4.3p2-3_powerpc.deb
openssh-server-udeb_4.3p2-3_powerpc.udeb
  to pool/main/o/openssh/openssh-server-udeb_4.3p2-3_powerpc.udeb
openssh-server_4.3p2-3_powerpc.deb
  to pool/main/o/openssh/openssh-server_4.3p2-3_powerpc.deb
openssh_4.3p2-3.diff.gz
  to pool/main/o/openssh/openssh_4.3p2-3.diff.gz
openssh_4.3p2-3.dsc
  to pool/main/o/openssh/openssh_4.3p2-3.dsc
ssh-askpass-gnome_4.3p2-3_powerpc.deb
  to pool/main/o/openssh/ssh-askpass-gnome_4.3p2-3_powerpc.deb
ssh_4.3p2-3_all.deb
  to pool/main/o/openssh/ssh_4.3p2-3_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 366541@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 27 Jul 2006 00:12:36 +0100
Source: openssh
Binary: ssh-askpass-gnome openssh-client-udeb ssh openssh-server openssh-client openssh-server-udeb
Architecture: source powerpc all
Version: 1:4.3p2-3
Distribution: unstable
Urgency: low
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description: 
 openssh-client - Secure shell client, an rlogin/rsh/rcp replacement
 openssh-client-udeb - Secure shell client for the Debian installer (udeb)
 openssh-server - Secure shell server, an rshd replacement
 openssh-server-udeb - Secure shell server for the Debian installer (udeb)
 ssh        - Secure shell client and server (transitional package)
 ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
Closes: 366541 368503 375100 379950
Changes: 
 openssh (1:4.3p2-3) unstable; urgency=low
 .
   * Document KeepAlive->TCPKeepAlive renaming in sshd_config(5) (closes:
     https://launchpad.net/bugs/50702).
   * Change sshd user's shell to /usr/sbin/nologin (closes: #366541).
     Introduces dependency on passwd for usermod.
   * debconf template translations:
     - Update French (thanks, Denis Barbier; closes: #368503).
     - Update Dutch (thanks, Bart Cornelis; closes: #375100).
     - Update Japanese (thanks, Kenshi Muto; closes: #379950).
Files: 
 2d16caee5c1d6dc7de2679460ef4e8ea 990 net standard openssh_4.3p2-3.dsc
 84ee6053bf4c35523759aa521fbb79c2 164912 net standard openssh_4.3p2-3.diff.gz
 e98327930958504e942eb31ad8b75491 1054 net extra ssh_4.3p2-3_all.deb
 3191e0dae98366ab7c8303e8813bda39 641750 net standard openssh-client_4.3p2-3_powerpc.deb
 4a83a6e3efdbc27ff9b0d09b6acfb927 233242 net optional openssh-server_4.3p2-3_powerpc.deb
 67ac41e260a6eccca99f86d0e575adaa 98980 gnome optional ssh-askpass-gnome_4.3p2-3_powerpc.deb
 3da0b8b728c164c463990aed13464234 166634 debian-installer optional openssh-client-udeb_4.3p2-3_powerpc.udeb
 42cbe293d1a837c044ad85ead71f09f4 169688 debian-installer optional openssh-server-udeb_4.3p2-3_powerpc.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFEyHPq9t0zAhD6TNERAhlKAJ45+4MYzlN7UoI1Sj4EpYW+tVdLqQCfW2UF
pusNc0LsVzJocptkipHgLCU=
=gvPI
-----END PGP SIGNATURE-----


--- End Message ---
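
An added example, not part of the bug report or of the Debian openssh packaging: a small audit that finds passwd(5) entries still using /bin/false and prints the usermod command corresponding to the changelog entry above. Apart from the sshd line quoted in the report, the sample entries are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit passwd(5)-format data for accounts whose shell is
# /bin/false and print (not run) the usermod command to switch to nologin.

# Constructed sample; only the sshd line is the entry quoted in the report.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
sshd:x:101:65534::/var/run/sshd:/bin/false
ftp:x:102:65534::/home/ftp:/bin/false
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash'

NOLOGIN=/usr/sbin/nologin   # path named in the 1:4.3p2-3 changelog entry

# Read passwd lines on stdin; print "name uid" for every well-formed entry
# (seven fields) whose shell field is exactly /bin/false.
list_false_shell_accounts() {
    awk -F: 'NF == 7 && $7 == "/bin/false" { print $1, $3 }'
}

# Turn the audit result into usermod commands. They are only printed, so an
# administrator can review them before changing any account.
suggest_fix() {
    list_false_shell_accounts | while read -r name uid; do
        printf 'usermod -s %s %s\n' "$NOLOGIN" "$name"
    done
}

# Classify a shell field the way the report distinguishes them.
classify_shell() {
    case "$1" in
        */nologin)                 echo "nologin" ;;    # report: logs the attempt
        /bin/false|/usr/bin/false) echo "false" ;;      # exits without a trace
        "")                        echo "default-sh" ;; # empty means /bin/sh
        *)                         echo "other" ;;
    esac
}

# Demo run on the constructed sample.
printf '%s\n' "$SAMPLE_PASSWD" | suggest_fix
```

To audit a live system, feed the real database instead of the sample: `getent passwd | suggest_fix`.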
