Bug#1087644: openssh-server: no tty associated with login session
- To: Colin Watson <cjwatson@debian.org>, 1087644@bugs.debian.org
- Subject: Bug#1087644: openssh-server: no tty associated with login session
- From: Chris Hofstaedtler <zeha@debian.org>
- Date: Mon, 17 Feb 2025 03:36:26 +0100
- Message-id: <[🔎] Z7KgqinjRDDyybiL@per.namespace.at>
- Reply-to: Chris Hofstaedtler <zeha@debian.org>, 1087644@bugs.debian.org
- In-reply-to: <ZzryB30U7jKH9tiQ@riva.ucam.org>
- References: <ZzjE7s_zB9mPh7aE@per.namespace.at> <Zzkrk9uuctCvFpp3@riva.ucam.org> <ZzjE7s_zB9mPh7aE@per.namespace.at> <yrt2uwkpkyewi6mk3zmvx5fbswzor4tq7kcyoz43veqbsiw24h@a4l3y3bhb75r> <ZzqGPVtcYXUuCT4O@per.namespace.at> <ZzjE7s_zB9mPh7aE@per.namespace.at> <ZzryB30U7jKH9tiQ@riva.ucam.org> <ZzjE7s_zB9mPh7aE@per.namespace.at>
Control: forwarded -1 https://github.com/openssh/openssh-portable/pull/433
On Mon, Nov 18, 2024 at 07:51:35AM +0000, Colin Watson wrote:
> On Mon, Nov 18, 2024 at 01:11:41AM +0100, Chris Hofstaedtler wrote:
> > On Sun, Nov 17, 2024 at 07:02:53AM +0100, Chris Hofstaedtler wrote:
> > > * Colin Watson <cjwatson@debian.org> [241117 00:32]:
> > > > Control: forwarded -1 https://github.com/openssh/openssh-portable/pull/403
> > > > While reading up on this I ran across
> > > > https://github.com/openssh/openssh-portable/pull/403, whose description
> > > > sounds like the same thing.
> > >
> > > Possible
> >
> > I've now read up on the PR, and I think it will not solve the
> > problem. Having the session recorded in wtmpdb is nice, but we
> > already have pam_wtmpdb for that.
> >
> > who(1) talks to logind for getting currently logged in sessions.
> > wtmpdb is irrelevant for this.
>
> Fair enough.
>
> > > If PAM knows about the tty, pam_systemd.so and pam_wtmpdb.so should
> > > hopefully just record it.
> >
> > We need that part to work (again?).
>
> I suspect this may be related to PAM_TTY_KLUDGE, then
> (https://anongit.mindrot.org/openssh.git/tree/auth-pam.c#n760). Maybe
> as well as setting a kludged PAM_TTY for pam_auth, sshd needs to set a
> proper one for pam_session?
I think so? Is it easy for you to build an sshd that does this?
The last time I looked at the openssh code trying to understand
where this might need to be patched in I got lost very quickly.
I just found another upstream PR, which would directly talk to
logind. Upstream doesn't seem to like it:
https://github.com/openssh/openssh-portable/pull/433
Chris
Reply to: