Bug 2127992 - UsePAM man page clarification
Summary: UsePAM man page clarification
Status: CLOSED DUPLICATE of bug 1953807
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: openssh
Version: 8.6
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: rc
Target Release: ---
Assignee: Dmitry Belyavskiy
QA Contact: BaseOS QE Security Team
Reported: 2022-09-19 14:33 UTC by Filip Krska
Modified: 2023-08-03 09:40 UTC

Last Closed: 2023-08-03 09:40:14 UTC
Type: Bug


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker CRYPTO-8294 0 None None None 2022-09-20 13:46:11 UTC
Red Hat Issue Tracker RHELPLAN-134331 0 None None None 2022-09-19 14:40:00 UTC

Description Filip Krska 2022-09-19 14:33:14 UTC
Description of problem:

`man sshd_config` states

   If UsePAM is enabled, you will not be able to run sshd(8) as a non-root user.  The default is no.

while the RHEL/Fedora distro default, and the only supported value, is `yes` (as explained in /etc/ssh/sshd_config and logged to /var/log/messages):

Sep  6 08:44:47 server sshd[2787]: WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems.

Version-Release number of selected component (if applicable):

openssh-8.0p1-13.el8

How reproducible:

Always

Steps to Reproduce:
1. man sshd_config
2. less /etc/ssh/sshd_config
3. grep "UsePAM" /var/log/messages

Actual results:

The man page states that "The default is no" and doesn't warn about only supporting the opposite.

Expected results:

The man page shall also cover the recommendation/necessity to set UsePAM to `yes` so it doesn't confuse users.

Additional info:

Please clone to RHEL 9, Fedora
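
The reproduction steps above can be turned into a repeatable host check. The following is an added example, not part of the report or of OpenSSH: it resolves the effective `UsePAM` value from a config file and counts the warning quoted above in a log file. The function names and the sample config in `demo` are constructed for illustration, and `Include` directives are assumed not to be in use.

```shell
#!/bin/sh
# Added example, not from the bug report; function names are illustrative.

# Print the effective UsePAM value from sshd_config file $1. sshd keeps the
# first value it obtains for a keyword; keywords are case-insensitive and may
# be separated from the value by blanks or "=". $2 is reported when the
# keyword is absent (default "no", as the quoted man page text states).
# Assumption: Include directives are not followed.
effective_usepam() {
    awk -v fallback="${2:-no}" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }    # comments and blank lines
        {
            gsub(/[ \t=]+/, " ")             # "Key=val" and "Key = val"
            if (tolower($1) == "usepam") {
                v = tolower($2); gsub(/"/, "", v)
                print v; found = 1; exit
            }
        }
        END { if (!found) print fallback }
    ' "$1"
}

# Count lines in log file $1 that carry the warning quoted in the report.
count_usepam_warnings() {
    grep -c "WARNING: 'UsePAM no' is not supported" "$1" || true
}

# Succeed only when the config resolves to "yes" and no warning was logged.
audit_usepam() {
    value=$(effective_usepam "$1")
    hits=$(count_usepam_warnings "$2")
    echo "effective UsePAM=$value, logged warnings=$hits"
    [ "$value" = "yes" ] && [ "$hits" -eq 0 ]
}

demo() {
    dir=$(mktemp -d)
    # Constructed config: the first active line wins, so "no" applies.
    printf '%s\n' '#UsePAM yes' 'usepam = no' 'UsePAM yes' > "$dir/sshd_config"
    # Log line quoted in the report, stored in a scratch file.
    printf '%s\n' "Sep  6 08:44:47 server sshd[2787]: WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems." > "$dir/messages"
    audit_usepam "$dir/sshd_config" "$dir/messages" || echo "FINDING: UsePAM is not 'yes' or sshd logged the warning"
    rm -rf "$dir"
}
demo
```

On a live host, `sshd -T` (run as root) prints the configuration sshd actually resolves and is the authoritative check.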

Comment 2 Dmitry Belyavskiy 2023-08-03 09:40:14 UTC
I believe we have fixed it in rhbz#1953807

*** This bug has been marked as a duplicate of bug 1953807 ***

