[Bug 2910] New: sshd_config Match section - pam functions cannot use stdout?

bugzilla-daemon at bugzilla.mindrot.org
Wed Sep 26 07:58:01 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2910

            Bug ID: 2910
           Summary: sshd_config Match section - pam functions cannot use
                    stdout?
           Product: Portable OpenSSH
           Version: 7.6p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: akshay.moghe at gmail.com

What I'm seeing:
----------------
When a user login hits a "Match" section, the pam modules seem to be
unable to use stdout.

Steps to repro:
---------------
I'm running an almost vanilla openssh installation inside an
ubuntu:bionic container. In here, I append the following to the bottom
of the file:

```
Match Group foobar
        ForceCommand bash
```

Next, I add 2 users to the system, named `foobar` and `bazbaz`.

Next, I add some text to the MOTD file (/etc/motd).

Next, I also modify the /etc/pam.d/sshd config to contain these:
```
session    optional     pam_motd.so noupdate
session    optional     pam_exec.so stdout /bin/echo ECHOECHO
```

So when I log in using `bazbaz` I see that the motd and the stdout
message appear (as emitted by the PAM module). Also the PrintLastLog
directive kicks in and the last login is also printed.

However when I log in using `foobar` (where the Match directive kicks
in) then I see neither the motd, nor the stdout message, nor the
lastlog. This leads me to believe that stdout handling is somehow
different when the Match is hit. I would have suspected the pam modules
(or libpam) but since the LastLog is an `sshd` function, I'm inclined
to believe this is somehow related to stdout (hence marking the
component as 'sshd').

Not sure if this is a bug or a case of missing documentation.
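
To check which of the two test accounts actually falls into the `Match Group foobar` block, the following added example (not part of the original report and not OpenSSH code) models how sshd_config keywords resolve for a given user. It assumes each user belongs only to a group of the same name; the function names are hypothetical and only the All, User and Group criteria are modelled.

```python
import re
# Constructed sample: one global keyword plus the Match block from the report.
SAMPLE_CONFIG = """\
PrintLastLog yes
Match Group foobar
        ForceCommand bash
"""

def match_pattern_list(value, pattern_list):
    """Return 1 on a match, -1 on a negated ('!') match, 0 otherwise."""
    result = 0
    for pat in pattern_list.split(","):
        negated, glob = pat.startswith("!"), pat.lstrip("!")
        regex = re.escape(glob).replace(r"\*", ".*").replace(r"\?", ".")
        if re.fullmatch(regex, value):
            if negated:
                return -1          # a negated match always wins
            result = 1
    return result

def criteria_match(args, user, groups):
    """Evaluate the arguments of a Match line (All, User, Group only)."""
    if [a.lower() for a in args] == ["all"]:
        return True
    for key, pats in zip(args[0::2], args[1::2]):
        if key.lower() == "user":
            ok = match_pattern_list(user, pats) == 1
        elif key.lower() == "group":
            hits = [match_pattern_list(g, pats) for g in groups]
            ok = 1 in hits and -1 not in hits
        else:
            raise ValueError(f"criterion not modelled: {key}")
        if not ok:
            return False           # every criterion on the line must hold
    return True

def effective_settings(config_text, user, groups):
    """First value per keyword wins; satisfied Match blocks override globals."""
    global_opts, match_opts, in_match, active = {}, {}, False, True
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        keyword, value = (line.split(None, 1) + [""])[:2]
        if keyword.lower() == "match":
            in_match, active = True, criteria_match(value.split(), user, groups)
        elif active:
            (match_opts if in_match else global_opts).setdefault(keyword.lower(), value)
    return {**global_opts, **match_opts}
```

On a live host, sshd's extended test mode (`sshd -T` with a `-C` connection specification) reports the effective configuration as sshd itself resolves it.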
