Your message dated Wed, 20 Jun 2007 12:17:07 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#428968: fixed in openssh 1:4.6p1-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: openssh-server
Version: 1:4.6p1-1
Severity: grave
Justification: renders package unusable
After upgrading to 1:4.6p1-1 from 1:4.3p2-11, I can no longer login to my
machine using password-based authentication. I've experienced this on two
different machines now, leading me to file this report. I've compared
the new
versions of /etc/ssh/sshd_config and /etc/pam.d/ssh to the versions prior to
the upgrade, but they're completely identical. Private key
authentication still
appears to work.
I've also noticed (on both machines) that following the upgrade, I see
this in
my auth.log when sshd starts up:
Jun 15 01:41:09 localhost sshd[11004]: Received signal 15; terminating.
Jun 15 01:41:09 localhost sshd[23456]: Server listening on :: port 22.
Jun 15 01:41:09 localhost sshd[23456]: error: Bind to port 22 on 0.0.0.0
failed:
Address already in use.
The error is new to this version. This may be a red herring, though.
Here are the contents of my sshd_config file:
# Package generated configuration file
# See the sshd(8) manpage for details
# What ports, IPs and protocols we listen for
Port 22
# Use these options to restrict which interfaces/protocols sshd will bind to
#ListenAddress ::
#ListenAddress 0.0.0.0
Protocol 2
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
#Privilege Separation is turned on for security
UsePrivilegeSeparation yes
# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
ServerKeyBits 768
# Logging
SyslogFacility AUTH
LogLevel INFO
# Authentication:
LoginGraceTime 600
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
#AuthorizedKeysFile %h/.ssh/authorized_keys
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/ssh_known_hosts
RhostsRSAAuthentication no
# similar for protocol version 2
HostbasedAuthentication no
# Uncomment if you don't trust ~/.ssh/known_hosts for
RhostsRSAAuthentication
#IgnoreUserKnownHosts yes
# To enable empty passwords, change to yes (NOT RECOMMENDED)
PermitEmptyPasswords no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
# Change to yes to enable tunnelled clear text passwords
PasswordAuthentication no
# To change Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#AFSTokenPassing no
#KerberosTicketCleanup no
# Kerberos TGT Passing does only work with the AFS kaserver
#KerberosTgtPassing yes
X11Forwarding yes
X11DisplayOffset 10
PrintMotd no
PrintLastLog yes
KeepAlive yes
#UseLogin no
#MaxStartups 10:30:60
#Banner /etc/issue.net
#ReverseMappingCheck yes
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.20-1-k7 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages openssh-server depends on:
ii adduser 3.102 Add and remove users and groups
ii debconf 1.5.13 Debian configuration
management sy
ii dpkg 1.14.4 package maintenance system
for Deb
ii libc6 2.5-11 GNU C Library: Shared libraries
ii libcomer 1.39+1.40-WIP-2007.04.07+dfsg-2 common error description
library
ii libkrb53 1.6.dfsg.1-4 MIT Kerberos runtime libraries
ii libpam-m 0.79-4 Pluggable Authentication
Modules f
ii libpam-r 0.79-4 Runtime support for the PAM
librar
ii libpam0g 0.79-4 Pluggable Authentication
Modules l
ii libselin 2.0.15-2 SELinux shared libraries
ii libssl0. 0.9.8e-5 SSL shared libraries
ii libwrap0 7.6.dbs-13 Wietse Venema's TCP
wrappers libra
ii lsb-base 3.1-23.1 Linux Standard Base 3.1
init scrip
ii openssh- 1:4.6p1-1 secure shell client, an
rlogin/rsh
ii zlib1g 1:1.2.3-15 compression library - runtime
openssh-server recommends no packages.
-- debconf information:
ssh/insecure_rshd:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/disable_cr_auth: false
ssh/encrypted_host_key_but_no_keygen:
--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:4.6p1-2
We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive:
openssh-client-udeb_4.6p1-2_powerpc.udeb
to pool/main/o/openssh/openssh-client-udeb_4.6p1-2_powerpc.udeb
openssh-client_4.6p1-2_powerpc.deb
to pool/main/o/openssh/openssh-client_4.6p1-2_powerpc.deb
openssh-server-udeb_4.6p1-2_powerpc.udeb
to pool/main/o/openssh/openssh-server-udeb_4.6p1-2_powerpc.udeb
openssh-server_4.6p1-2_powerpc.deb
to pool/main/o/openssh/openssh-server_4.6p1-2_powerpc.deb
openssh_4.6p1-2.diff.gz
to pool/main/o/openssh/openssh_4.6p1-2.diff.gz
openssh_4.6p1-2.dsc
to pool/main/o/openssh/openssh_4.6p1-2.dsc
ssh-askpass-gnome_4.6p1-2_powerpc.deb
to pool/main/o/openssh/ssh-askpass-gnome_4.6p1-2_powerpc.deb
ssh-krb5_4.6p1-2_all.deb
to pool/main/o/openssh/ssh-krb5_4.6p1-2_all.deb
ssh_4.6p1-2_all.deb
to pool/main/o/openssh/ssh_4.6p1-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Colin Watson <[EMAIL PROTECTED]> (supplier of updated openssh package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Wed, 20 Jun 2007 11:52:44 +0100
Source: openssh
Binary: ssh-askpass-gnome ssh-krb5 openssh-client-udeb ssh openssh-server
openssh-client openssh-server-udeb
Architecture: source powerpc all
Version: 1:4.6p1-2
Distribution: unstable
Urgency: low
Maintainer: Debian OpenSSH Maintainers <[EMAIL PROTECTED]>
Changed-By: Colin Watson <[EMAIL PROTECTED]>
Description:
openssh-client - secure shell client, an rlogin/rsh/rcp replacement
openssh-client-udeb - secure shell client for the Debian installer (udeb)
openssh-server - secure shell server, an rshd replacement
openssh-server-udeb - secure shell server for the Debian installer (udeb)
ssh - secure shell client and server (transitional package)
ssh-askpass-gnome - interactive X program to prompt users for a passphrase for
ssh-ad
ssh-krb5 - secure shell client and server (transitional package)
Closes: 366814 409788 428968 429531
Changes:
openssh (1:4.6p1-2) unstable; urgency=low
.
* Fix ordering of SYSLOG_LEVEL_QUIET and SYSLOG_LEVEL_FATAL.
* Clarify that 'ssh -q -q' still prints errors caused by bad arguments
(i.e. before the logging system is initialised).
* Suppress "Connection to <host> closed" and "Connection to master closed"
messages at loglevel SILENT (thanks, Jaap Eldering; closes: #409788).
* Suppress "Pseudo-terminal will not be allocated because stdin is not a
terminal" message at loglevels QUIET and SILENT (closes: #366814).
* Document the SILENT loglevel in sftp-server(8), ssh_config(5), and
sshd_config(5).
* Add try-restart action to init script.
* Add /etc/network/if-up.d/openssh-server to restart sshd when new
interfaces appear (LP: #103436).
* Backport from upstream:
- Move C/R -> kbdint special case to after the defaults have been
loaded, which makes ChallengeResponse default to yes again. This was
broken by the Match changes and not fixed properly subsequently
(closes: #428968).
- Silence spurious error messages from hang-on-exit fix
(http://bugzilla.mindrot.org/show_bug.cgi?id=1306, closes: #429531).
Files:
963aabe4b7cd7f788536770b3cf29a3a 1062 net standard openssh_4.6p1-2.dsc
ebbc68228f4ef2c2f265e3eec625cd86 180214 net standard openssh_4.6p1-2.diff.gz
f9a1e6f711f5eec8780890742758ef88 1062 net extra ssh_4.6p1-2_all.deb
4017b22f35fc373b2516ed4353c42407 79284 net extra ssh-krb5_4.6p1-2_all.deb
9d147e37132b4c565c31deee3b5f0d57 711028 net standard
openssh-client_4.6p1-2_powerpc.deb
0a0848a077e3e3f561d62a15a81d5bb7 266820 net optional
openssh-server_4.6p1-2_powerpc.deb
1c877250f2512889f03001c43e546199 89740 gnome optional
ssh-askpass-gnome_4.6p1-2_powerpc.deb
fb34bb3117dc6eef052da77b133e073a 177614 debian-installer optional
openssh-client-udeb_4.6p1-2_powerpc.udeb
f3667dc614930c7e799da3d7e760e8a0 184628 debian-installer optional
openssh-server-udeb_4.6p1-2_powerpc.udeb
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGeRdJ9t0zAhD6TNERAuYbAJ9jURU+IqjAiWFan0x7eA40pLLC3wCfTkcY
U62KDF1bc5bcR6OA8ojq3Mw=
=rxlL
-----END PGP SIGNATURE-----
--- End Message ---
