Package: libpam-ssh
Version: 1.91.0-9.1
Severity: important

If you replace pam_unix.so with pam_ssh.so as the module for authenticating users, say, /etc/pam.d/common-auth contains only:

    auth required pam_ssh.so keyfiles=id_dsa

then login will say "Login incorrect" when the user does not exist, and the following is logged to syslog:

    May 5 23:28:10 [EMAIL PROTECTED] login[14755]: FAILED LOGIN (1) on 'tty1' FOR `UNKNOWN', Permission denied

Login should behave the same whether the user exists or not, so as not to leak information.

If you stack this module after pam_unix but still authenticate against your ssh keys, then pam_unix will generate a false event indicating that authentication failed.

-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.20.1
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libpam-ssh depends on:
ii  libc6        2.3.6.ds1-13  GNU C Library: Shared libraries
ii  libpam0g     0.79-4        Pluggable Authentication Modules l
ii  libssl0.9.8  0.9.8c-4      SSL shared libraries

Versions of packages libpam-ssh recommends:
pn  ssh-krb5 | ssh  <none>  (no description available)

-- no debconf information