[Touch-packages] [Bug 2060150] Re: openssh sets PAM_RHOST to UNKNOWN causing slow logins

Mon, 15 Apr 2024 15:35:41 -0700 

This bug was fixed in the package openssh - 1:9.6p1-3ubuntu13

---------------
openssh (1:9.6p1-3ubuntu13) noble; urgency=medium

  [ Marco Trevisan (TreviƱo) ]
  * debian: Remove dependency on libsystemd
    As per the xz backdoor we learned that the least dependencies sshd have,
    the best it is, so avoid to plug libsystemd (which also brings various
    other dependencies) inside sshd for no reason:

    - d/p/systemd-readiness.patch: Use upstream patch with no libsystemd
      dependency
    - d/p/systemd-socket-activation.patch: Import patch from debian that
      mimics the libsystemd sd_listen_fds() code, as refactored by Colin
      Watson.
    - d/control: Remove dependencies on  libsystemd-dev | libelogind-dev
    - d/rules: Drop --with-systemd flag (new options are used by default)

  [ Nick Rosbrook ]
  * debian/patches: only set PAM_RHOST if remote host is not "UNKNOWN"
    (LP: #2060150)
  * debian/openssh-server.postinst: don't re-enable ssh.socket if it was 
disabled
    (LP: #2059874)
  * d/p/sshd-socket-generator.patch: do not always ignore ListenStream=22
    (LP: #2059872)

 -- Nick Rosbrook <en...@ubuntu.com>  Fri, 05 Apr 2024 15:30:31 -0400

** Changed in: openssh (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2060150

Title:
  openssh sets PAM_RHOST to UNKNOWN causing slow logins

Status in openssh package in Ubuntu:
  Fix Released

Bug description:
  When using sshd's -i option with stdio that is not a AF_INET/AF_INET6
  socket, auth_get_canonical_hostname() returns "UNKNOWN" which is then
  set as the value of PAM_RHOST, causing pam to try to do a reverse DNS
  query of "UNKNOWN", which times out multiple times, causing a
  substantial slowdown when logging in.

  upstream PR: https://github.com/openssh/openssh-portable/pull/388
  upstream email: 
https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-April/041289.html
  Fedora backport: https://src.fedoraproject.org/rpms/openssh/pull-request/71
  Debian backport: https://salsa.debian.org/ssh-team/openssh/-/merge_requests/25

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2060150/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to