The ssh breaking change may lock you out of your system

neol09 · 2024-07-02 18:54:07

This is probably well known / understood, but not mentioned in the announcement

The last release of openssh is not linked against pam,
breaking configs that utilize 2FA/SSO via pam modules.

I'm aware of the recent disclosures in openssh ( regresshion / xz ) by means of social media,
so this is not a surprise, but still a drastic countermeasure.

edit:
pkgbuild for openssh 9.8p1-1 includes the --with-pem, however i'm getting the following:

$ pacman -Qo $(which sshd)
/usr/bin/sshd is owned by openssh 9.8p1-1

$ ldd /usr/bin/sshd
        linux-vdso.so.1 (0x00007fff423fe000)
        libcrypto.so.3 => /usr/lib/libcrypto.so.3 (0x00007f083f400000)
        libc.so.6 => /usr/lib/libc.so.6 (0x00007f083f214000)
        /lib64/ld-linux-x86-64.so.2 => /usr/lib64/ld-linux-x86-64.so.2 (0x00007f083fa81000)

Last edited by neol09 (2024-07-02 19:22:39)

cryptearth · 2024-07-02 20:52:34

ldd /usr/lib/ssh/sshd-session

sshd was degraded to a small fork-bomb

neol09 · 2024-07-03 17:53:36

explains it, thank you

tried the setup again this evening and finally worked,
must have been human error, sorry for jumping to conclusions...

Arch Linux

#1 2024-07-02 18:54:07

The ssh breaking change may lock you out of your system

#2 2024-07-02 20:52:34

Re: The ssh breaking change may lock you out of your system

#3 2024-07-03 17:53:36

Re: The ssh breaking change may lock you out of your system

Board footer