Control: tag -1 patch On Mon, May 01, 2023 at 03:57:38PM +0100, Richard Lewis wrote: > Was there an update on this bug against release-notes: the MR against openssh > at > https://salsa.debian.org/ssh-team/openssh/-/merge_requests/21/diffs > doesnt seem to be merged - has this been parked?
After some of the more recent discussion, I'm persuaded that I should move up the timeline I proposed, and remove this and document the removal in the release notes of the same Debian release. > Based on the text in that MR , but if I i used this feature i would > want to know: > - can this prevent me logging in? (eg if i am doing the upgrade over ssh) > - will it drop my ssh connection (release-notes does iirc advise > upgrading inside tmux or screen) > - what do i do if i need the settings in pam-envionment - can i add > them to ssh_config? (I assume re-enabling a > deprecated setting is not a good thing to recommend in release-notes) > (and should i do so before or after upgrading?) > > > The release notes could say something like: > > <section> > <title>ssh no longer reads ~/.pam-environment</title> > <para> > The <sysitem role="package">ssh</sysitem> package, which allows > secure login to remote systems, no longer reads the user's > <filename>~/.pam_environment</filename> file by default. > See <link to openssh's NEWS.debian> for details. > If you used this feature, you should move variables set in > <filename>~/.pam_environment</filename> file to > <filename>~/.ssh/ssh_config</filename> before upgrading <!-- or your > connection might break when openssh-server is upgraded? -->. > </para> > </section> > > (should there be something about the pam deprecation itself?) Thanks for this. I've adapted these notes into https://salsa.debian.org/ddp-team/release-notes/-/merge_requests/204. (They weren't quite right in some areas: any changes have to be made on the server, not the client, and the only non-root-accessible sshd configuration options that are relevant to this such as ~/.ssh/environment are disabled by default, so I just resorted to suggesting that people move settings to their shell initialization files instead. It isn't perfect, but I think it's OK to assume that people who've gone to the effort of setting this can figure something out given the hint.) -- Colin Watson (he/him) [cjwat...@debian.org]