Ubuntu
openssh package

UsePAM no longer in sshd_config

Bug #186402 reported by Carl Karsten
2
Affects Status Importance Assigned to Milestone
openssh (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: openssh-server

fresh box, same setup that worked on gutsy doesn't work on hardy.
cause: /etc/ssh/sshd_config no longer has
UsePAM yes

This may explain why:

    - Remove hacks to support the old PAM configuration scheme.http://changelogs.ubuntu.com/changelogs/pool/main/o/openssh/openssh_4.7p1-2/changelog

Or it may be an over site. Not sure I would call UsePAM a hack.

details on my problem: account that should only use keyed auth, so /etc/password has ! for the password hash. UsePAM yes allows login using key. remove that (defaults to no) and the key is not accepted.

Revision history for this message
Colin Watson (cjwatson) wrote :

Er. openssh-server doesn't remove UsePAM from sshd_config on upgrade, as far as I can see.

Could you please attach your configuration files, the output of 'ssh -vvv remotehost', and anything relevant in /var/log/auth.log?

Changed in openssh:
status: New → Incomplete
Revision history for this message
Carl Karsten (carlfk) wrote :

>Er. openssh-server doesn't remove UsePAM from sshd_config on upgrade, as far as I can see.

fresh install, not upgrade.

I'll do a hardy daily install right now and post sshd_conf.

Revision history for this message
Carl Karsten (carlfk) wrote :

juser@dhcp120:~$ egrep -v "^(#|$)" /etc/ssh/sshd_config
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation no
PermitRootLogin yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
PermitEmptyPasswords no
PasswordAuthentication yes
AcceptEnv LANG LC_*

Revision history for this message
Colin Watson (cjwatson) wrote :

I have no idea where this is coming from; this looks nothing like the default sshd configuration in Hardy. I just installed a fresh chroot with debootstrap and see nothing similar to this. Is there anything at all unusual about your installer configuration?

Revision history for this message
Carl Karsten (carlfk) wrote :

1000 apologies. this is 100% my fault.

This is where it came from:

d-i preseed/late_command string cd /tmp;apt-get install wget;wget http://shaz/late_command.sh; chmod u+x late_command.sh; ./late_command.sh

# late_command.sh
...
wget http://shaz/sshd_config

Now to figure out why I thought I needed that.

Carl Karsten (carlfk)
Changed in openssh:
status: Incomplete → Invalid
Revision history for this message
Colin Watson (cjwatson) wrote :

Phew; I was worried for a bit there. :-) Thanks for following up.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Bug attachments

Remote bug watches

Bug watches keep track of this bug in other bug trackers.