RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Description of problem:

Currently the PAM service name is the name of the binary. This means that the customer who wants to run SSH on two different ports needs to rename the binary. This is not ideal. The better option would be to allow it to be configurable in the ssh configuration.

The use case is the cluster that has user network and admin network. They are accessible via SSH but on different interfaces and on different ports. There is a single SSSD on the system that needs to differentiate the two for the purpose of the access control to prevent the ordinary users to connect on the admin port.  


The solution is to add a way to define what name to use in the PAM as a service via SSH config.

Unfortunately, it's too late for RFE now, I'm moving it to 7.1

There's a patch for support PAMServiceName in the referenced upstream bugzilla - https://bugzilla.mindrot.org/show_bug.cgi?id=2102

I've prepared a testing build with this patch applied and run a build based on Rawhide source. You can try it using my copr repository openssh_testing https://copr.fedoraproject.org/coprs/plautrba/openssh_testing/

No update, no RHEL7.3. We moved in the way to the other way of exposing authentication information to PAM (see the bug #1312304, if it can help you also in this case. For now, moving to 7.4

Bug #1312304 is not publicly visible.  What is the implemented alternative to the PAMServiceName patches?

(In reply to Kurt H Maier from comment #8)
> Bug #1312304 is not publicly visible.  What is the implemented alternative
> to the PAMServiceName patches?

Basically initial version of [1].

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2408

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days