On Thu, Sep 09, 2021 at 11:08:05AM -0400, Aristeu Rozanski wrote: > Jokes aside, I had 'ssh' group defined for a good while as to be used as > group of people allowed to ssh in the machine (AllowGroup, root login is > disabled) and a recent upgrade, probably due #990456, that group got renamed > as '_ssh' and I wasn't able to login anymore. Thankfully I had a session open > since before the change and was able to figure out what was going on. > > Please change the upgrade script to check if the group ssh already contains > users before doing the change.
We can add some kind of check that would fail the installation in this situation, but please migrate to using some other site-specific group for this ASAP. The ssh/_ssh group is an internal implementation detail used only to ensure that private key material cannot be extracted from running ssh-agent processes using ptrace(2); it's not intended to have users added to it. -- Colin Watson (he/him) [cjwat...@debian.org]
