--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: openssh-server: dosen't install on ldap enabled box (usermod fails)
- From: Witold Baryluk <baryluk@smp.if.uj.edu.pl>
- Date: Mon, 13 Nov 2006 20:26:38 +0100
- Message-id: <20061113192638.28286.74277.reportbug@smp.if.uj.edu.pl>
Package: openssh-server
Version: 1:4.3p2-5
Severity: important
I have a set of boxes which uses ldap authentification.
Yesterday i considered it will be usefull to install
ssh-server on them (there was ssh-client) for
remote updates.
so apt-get install openssh-server
...
Konfigurowanie openssh-server (4.3p2-5.1) ...
usermod: nie znaleziono sshd w /etc/passwd
dpkg: b��d przetwarzania openssh-server (--configure):
podproces post-installation script zwr�ci� kod b��du 6
...
I think here is a problem:
/var/lib/dpkg/info/openssh-server.postinst : 292
fix_sshd_shell() {
if getent passwd sshd | grep -q ':/bin/false$'; then
usermod -s /usr/sbin/nologin sshd
fi
}
And
root@neutrino:/home2/baryluk# getent passwd sshd
sshd:x:101:65534:sshd:/var/run/sshd:/bin/false
but usermod:
usermod -s /usr/sbin/nologin sshd
usermod: nie znaleziono sshd w /etc/passwd
so it looks like usermod is using /etc/passwd any way.
# grep sshd /etc/passwd
# empty
Additional info:
# cat /etc/nsswitch.conf
passwd: compat ldap
group: compat ldap
shadow: compat
...
# cat /etc/libnss-ldap.conf
host 10.0.1.1
base dc=smp,dc=if,dc=uj,dc=edu,dc=pl
ldap_version 3
rootbinddn cn=ldapadmin,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
scope sub
# ustawione bo udev przy bootowaniu jest skopany
bind_policy soft
nss_base_passwd ou=People,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
nss_base_shadow ou=People,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
nss_base_group ou=Group,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
nss_base_aliases ou=Aliases,dc=smp,dc=if,dc=uj,dc=edu,dc=pl
# nscd running
# ldd `which usermod` | grep pam
# empty (usermod is using /etc/passwd directly!)
Suggestion: Use chsh (which use PAM).
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.17-2-k7
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to pl_PL.UTF-8)
Versions of packages openssh-server depends on:
ii adduser 3.99 Add and remove users and groups
ii debconf 1.5.8 Debian configuration management sy
ii dpkg 1.13.22 package maintenance system for Deb
ii libc6 2.3.6.ds1-7 GNU C Library: Shared libraries
ii libcomer 1.39+1.40-WIP-2006.10.02+dfsg-2 common error description library
ii libkrb53 1.4.4-3 MIT Kerberos runtime libraries
ii libpam-m 0.79-4 Pluggable Authentication Modules f
ii libpam-r 0.79-4 Runtime support for the PAM librar
ii libpam0g 0.79-4 Pluggable Authentication Modules l
ii libselin 1.32-2 SELinux shared libraries
ii libssl0. 0.9.8c-3 SSL shared libraries
ii libwrap0 7.6.dbs-11 Wietse Venema's TCP wrappers libra
ii openssh- 1:4.3p2-5 Secure shell client, an rlogin/rsh
ii zlib1g 1:1.2.3-13 compression library - runtime
openssh-server recommends no packages.
-- debconf information:
ssh/insecure_rshd:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
ssh/disable_cr_auth: false
ssh/encrypted_host_key_but_no_keygen:
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:4.3p2-7
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:
openssh-client-udeb_4.3p2-7_powerpc.udeb
to pool/main/o/openssh/openssh-client-udeb_4.3p2-7_powerpc.udeb
openssh-client_4.3p2-7_powerpc.deb
to pool/main/o/openssh/openssh-client_4.3p2-7_powerpc.deb
openssh-server-udeb_4.3p2-7_powerpc.udeb
to pool/main/o/openssh/openssh-server-udeb_4.3p2-7_powerpc.udeb
openssh-server_4.3p2-7_powerpc.deb
to pool/main/o/openssh/openssh-server_4.3p2-7_powerpc.deb
openssh_4.3p2-7.diff.gz
to pool/main/o/openssh/openssh_4.3p2-7.diff.gz
openssh_4.3p2-7.dsc
to pool/main/o/openssh/openssh_4.3p2-7.dsc
ssh-askpass-gnome_4.3p2-7_powerpc.deb
to pool/main/o/openssh/ssh-askpass-gnome_4.3p2-7_powerpc.deb
ssh-krb5_4.3p2-7_all.deb
to pool/main/o/openssh/ssh-krb5_4.3p2-7_all.deb
ssh_4.3p2-7_all.deb
to pool/main/o/openssh/ssh_4.3p2-7_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 398436@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <cjwatson@debian.org> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 6 Dec 2006 23:00:49 +0000
Source: openssh
Binary: ssh-askpass-gnome ssh-krb5 openssh-client-udeb ssh openssh-server openssh-client openssh-server-udeb
Architecture: source powerpc all
Version: 1:4.3p2-7
Distribution: unstable
Urgency: medium
Maintainer: Matthew Vernon <matthew@debian.org>
Changed-By: Colin Watson <cjwatson@debian.org>
Description:
openssh-client - Secure shell client, an rlogin/rsh/rcp replacement
openssh-client-udeb - Secure shell client for the Debian installer (udeb)
openssh-server - Secure shell server, an rshd replacement
openssh-server-udeb - Secure shell server for the Debian installer (udeb)
ssh - Secure shell client and server (transitional package)
ssh-askpass-gnome - under X, asks user for a passphrase for ssh-add
ssh-krb5 - Secure shell client and server (transitional package)
Closes: 335259 335276 390986 391248 398436 401483
Changes:
openssh (1:4.3p2-7) unstable; urgency=medium
.
[ Colin Watson ]
* Ignore errors from usermod when changing sshd's shell, since it will
fail if the sshd user is not local (closes: #398436).
* Remove version control tags from /etc/ssh/moduli and /etc/ssh/ssh_config
to avoid unnecessary conffile resolution steps for administrators
(thanks, Jari Aalto; closes: #335259).
* Fix quoting error in configure.ac and regenerate configure (thanks, Ben
Pfaff; closes: #391248).
* When installing openssh-client or openssh-server from scratch, remove
any unchanged conffiles from the pre-split ssh package to work around a
bug in sarge's dpkg (thanks, Justin Pryzby and others; closes: #335276).
.
[ Russ Allbery ]
* Create transitional ssh-krb5 package which enables GSSAPI configuration
in sshd_config (closes: #390986).
* Default client to attempting GSSAPI authentication.
* Remove obsolete GSSAPINoMICAuthentication from sshd_config if it's
found.
* Add ssh -K option, the converse of -k, to enable GSSAPI credential
delegation (closes: #401483).
Files:
976d80c02546f5b6b8b9254a97cfaec3 1000 net standard openssh_4.3p2-7.dsc
c38ee430b3f59225b9e96e7ad7529e3c 254719 net standard openssh_4.3p2-7.diff.gz
f61c287091686f202980ea0981276324 1054 net extra ssh_4.3p2-7_all.deb
1bcf5661b3340ff11b00be8f293c8a5f 90614 net extra ssh-krb5_4.3p2-7_all.deb
91a45b129bbf56e07a40e717184b70e4 643674 net standard openssh-client_4.3p2-7_powerpc.deb
eb03bd0b385940aafaf038659479241a 231148 net optional openssh-server_4.3p2-7_powerpc.deb
a1e8ffceecf9d60bdcc6dcf8e421064a 100002 gnome optional ssh-askpass-gnome_4.3p2-7_powerpc.deb
018cb1112ab2bcb45d874a5499184b12 166780 debian-installer optional openssh-client-udeb_4.3p2-7_powerpc.udeb
1a139b804d28fdc4bb993667f9150747 169888 debian-installer optional openssh-server-udeb_4.3p2-7_powerpc.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFFd07Q9t0zAhD6TNERAtbVAJ9yxAAVobbK29ofod+gTa9SKY05vwCcDHVL
pxPLSjXZs8Ylj+eQV8QRIhA=
=hG8h
-----END PGP SIGNATURE-----
--- End Message ---