Bug#1053746: openssh-server: Upgrade from 1:9.2p1-2 to 1:9.2p1-2+deb12u1 disabled GSSAPIAuthentication

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1053746: openssh-server: Upgrade from 1:9.2p1-2 to 1:9.2p1-2+deb12u1 disabled GSSAPIAuthentication
From: Lukasz Stelmach <l.stelmach@samsung.com>
Date: Tue, 10 Oct 2023 10:39:38 +0200
Message-id: <[🔎] oypijdy1ga3m7p.fsf%l.stelmach@samsung.com>
Reply-to: Lukasz Stelmach <l.stelmach@samsung.com>, 1053746@bugs.debian.org

Package: openssh-server
Version: 1:9.2p1-2+deb12u1
Severity: important
X-Debbugs-Cc: none, Lukasz Stelmach <l.stelmach@samsung.com>

Dear Maintainer,

I upgraded openssh-server yesterday on bookworm and I believe it is the
upgrade that caused a change in the configuration file that disabled
GSSAPIAuthentication. Before the upgrade it worked (I believe I had it
explicitly enabled in in sshd_config) and after the upgrade it was
commented out (it doesn't work).

Fortunately I was able to log into the upgraded using different means of
authentication, but still such change of the configuration shouldn't
happen during an upgrade.

I am not 100% the configuration file was edited/replaced during the
upgrade (I am browsing the Debian openssh package git repository), but I
can't see any other reason this has changed. 

-- System Information:
Debian Release: 12.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: arm64, armel

Kernel: Linux 6.1.0-11-amd64 (SMP w/16 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=pl_PL.UTF-8, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii  adduser                    3.134
ii  debconf [debconf-2.0]      1.5.82
ii  init-system-helpers        1.65.2
ii  libaudit1                  1:3.0.9-1
ii  libc6                      2.36-9+deb12u3
ii  libcom-err2                1.47.0-2
ii  libcrypt1                  1:4.4.33-2
ii  libgssapi-krb5-2           1.20.1-2+deb12u1
ii  libkrb5-3                  1.20.1-2+deb12u1
ii  libpam-modules             1.5.2-6+deb12u1
ii  libpam-runtime             1.5.2-6+deb12u1
ii  libpam0g                   1.5.2-6+deb12u1
ii  libselinux1                3.4-1+b6
ii  libssl3                    3.0.11-1~deb12u1
ii  libsystemd0                252.17-1~deb12u1
ii  libwrap0                   7.6.q-32
ii  lsb-base                   11.6
ii  openssh-client             1:9.2p1-2+deb12u1
ii  openssh-sftp-server        1:9.2p1-2+deb12u1
ii  procps                     2:4.0.2-3
ii  runit-helper               2.15.2
ii  sysvinit-utils [lsb-base]  3.06-4
ii  ucf                        3.0043+nmu1
ii  zlib1g                     1:1.2.13.dfsg-1

Versions of packages openssh-server recommends:
ii  libpam-systemd [logind]  252.17-1~deb12u1
ii  ncurses-term             6.4-4
ii  xauth                    1:1.1.2-1

Versions of packages openssh-server suggests:
pn  molly-guard   <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>
ii  ufw           0.36.2-1

-- debconf information:
  openssh-server/password-authentication: true
  openssh-server/permit-root-login: true

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics

Attachment: signature.asc
Description: PGP signature

Reply to:

Prev by Date: Bug#942100: openssh-server: /etc/ssh/sshd_config unconditionally overwritten by update
Next by Date: Bug#1053822: openssh-client: consider patch for allow GSSAPI to use default ccache or unique
Previous by thread: Bug#942100: openssh-server: /etc/ssh/sshd_config unconditionally overwritten by update
Next by thread: Bug#1053822: openssh-client: consider patch for allow GSSAPI to use default ccache or unique
Index(es):
- Date
- Thread