Bug#964580: openssh-server: ordering of /etc/pam.d/sshd inconsistent with e.g. /etc/pam.d/login
Package: openssh-server
Version: 1:8.2p1-4ubuntu0.1
Severity: normal
Dear Maintainer,
On my (Ubuntu 20.04) system, all of the pam configs that use both
pam_env.so and @include common-session configure pam_env.so before the
@include -- apart from /etc/pam.d/sshd.
Because @include common-session includes pam_systemd.so, this means that
ssh sessions don't get the environment variables set by systemd
environment generators. (See
https://bugs.launchpad.net/snappy/+bug/1659719).
Cheers,
mwh
-- System Information:
Debian Release: bullseye/sid
APT prefers focal-updates
APT policy: (500, 'focal-updates'), (500, 'focal-security'), (500, 'focal'), (400, 'focal-proposed'), (100, 'focal-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 5.4.0-40-generic (SMP w/8 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages openssh-server depends on:
ii adduser 3.118ubuntu2
ii debconf [debconf-2.0] 1.5.73
ii dpkg 1.19.7ubuntu3
ii libaudit1 1:2.8.5-2ubuntu6
ii libc6 2.31-0ubuntu9
ii libcom-err2 1.45.5-2ubuntu1
ii libcrypt1 1:4.4.10-10ubuntu4
ii libgssapi-krb5-2 1.17-6ubuntu4
ii libkrb5-3 1.17-6ubuntu4
ii libpam-modules 1.3.1-5ubuntu4
ii libpam-runtime 1.3.1-5ubuntu4
ii libpam0g 1.3.1-5ubuntu4
ii libselinux1 3.0-1build2
ii libssl1.1 1.1.1f-1ubuntu2
ii libsystemd0 245.4-4ubuntu3.1
ii libwrap0 7.6.q-30
ii lsb-base 11.1.0ubuntu2
ii openssh-client 1:8.2p1-4ubuntu0.1
ii openssh-sftp-server 1:8.2p1-4ubuntu0.1
ii procps 2:3.3.16-1ubuntu2
ii ucf 3.0038+nmu1
ii zlib1g 1:1.2.11.dfsg-2ubuntu1
Versions of packages openssh-server recommends:
ii libpam-systemd [logind] 245.4-4ubuntu3.1
ii ncurses-term 6.2-0ubuntu2
ii ssh-import-id 5.10-0ubuntu1
ii xauth 1:1.1-0ubuntu1
Versions of packages openssh-server suggests:
pn molly-guard <none>
pn monkeysphere <none>
pn ssh-askpass <none>
ii ufw 0.36-6
-- debconf information excluded
Reply to: