Bug#809695: openssh-server: Setting PermitRootLogin without-password disables GSSAPI Auth
Package: openssh-server
Version: 1:7.1p1-5
Severity: important
Dear Maintainer,
Using ssh/SSAPI auth should work even if root login with password are disabled,
however, it looks like the new 7.0 setting of "without-password" and
prohibit-password inadvertently prevent GSSAPI auth to root, too.
Please see
http://lists.mindrot.org/pipermail/openssh-bugs/2015-September/015366.html
for more details.
Cheers,
Juha
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=UTF-8) (ignored: LC_ALL set to en_GB.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages openssh-server depends on:
ii adduser 3.113+nmu3
ii debconf [debconf-2.0] 1.5.58
ii dpkg 1.18.3
ii init-system-helpers 1.24
ii libaudit1 1:2.4.4-4
ii libc6 2.21-4
ii libcomerr2 1.42.13-1
ii libgssapi-krb5-2 1.13.2+dfsg-4
ii libkrb5-3 1.13.2+dfsg-4
ii libpam-modules 1.1.8-3.1
ii libpam-runtime 1.1.8-3.1
ii libpam0g 1.1.8-3.1
ii libselinux1 2.4-3
ii libssl1.0.2 1.0.2e-1
ii libsystemd0 228-2
ii libwrap0 7.6.q-25
ii lsb-base 9.20150917
ii openssh-client 1:7.1p1-5
ii openssh-sftp-server 1:7.1p1-5
ii procps 2:3.3.10-4+b1
ii zlib1g 1:1.2.8.dfsg-2+b1
Versions of packages openssh-server recommends:
ii ncurses-term 6.0+20151024-2
ii xauth 1:1.0.9-1
Versions of packages openssh-server suggests:
ii ksshaskpass [ssh-askpass] 4:5.4.3-1
ii kwalletcli [ssh-askpass] 2.12-5
pn molly-guard <none>
pn monkeysphere <none>
pn rssh <none>
pn ufw <none>
-- debconf information excluded
Reply to: