Package: systemd Version: 259.1-1 Severity: normal systemd upstream ships a /usr/lib/systemd/ssh_config.d/20-systemd-ssh-proxy.conf file (and a /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf symlink to it exists in the Debian package) that disables clients' checking of SSH server host keys over AF_UNIX and AF_VSOCK connections. This breaks the SSH trust-on-first-use (or before first use with ssh-keyscan) security model for all such connections.
-- Package-specific info: -- System Information: Debian Release: forky/sid APT prefers unreleased APT policy: (500, 'unreleased'), (500, 'unstable') Architecture: ppc64 Kernel: Linux 6.1.0-9-powerpc64 (SMP w/8 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) Versions of packages systemd depends on: ii libc6 2.42-12 ii libssl3t64 3.5.4-1+b1 ii libsystemd-shared 259.1-1 ii libsystemd0 259.1-1 ii mount 2.41.3-3 Versions of packages systemd recommends: pn default-dbus-system-bus | dbus-system-bus <none> pn linux-sysctl-defaults <none> ii login 1:4.16.0-2+really2.41.3-3 ii ntpsec [time-daemon] 1.2.3+dfsg1-8 pn systemd-cryptsetup <none> Versions of packages systemd suggests: pn libtss2-tcti-device0 <none> pn polkitd <none> pn systemd-boot <none> pn systemd-container <none> pn systemd-homed <none> pn systemd-repart <none> pn systemd-resolved <none> pn systemd-userdbd <none> Versions of packages systemd is related to: pn dbus-user-session <none> pn dracut <none> ii initramfs-tools 0.150 pn libnss-systemd <none> pn libpam-systemd <none> ii udev 259.1-1 -- no debconf information
[OVERRIDDEN] /usr/lib/systemd/system/[email protected]/10-login-barrier.conf -> /usr/lib/systemd/system/[email protected]/10-login-barrier.conf --- /usr/lib/systemd/system/[email protected]/10-login-barrier.conf 2026-02-06 14:34:41.000000000 +0000 +++ /usr/lib/systemd/system/[email protected]/10-login-barrier.conf 2026-02-06 14:34:41.000000000 +0000 @@ -7,6 +7,8 @@ # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. -# Empty file to mask its counterpart for unprivileged users and thus cancels -# "After=systemd-user-session.service" ordering constraint so that root can log -# in even if the boot process is not yet finished. +[Unit] +# Make sure user instances are started after logins are allowed. However this +# is not desirable for [email protected] since root should be able to log in +# earlier during the boot process especially if something goes wrong. +After=systemd-user-sessions.service [EXTENDED] /usr/lib/systemd/system/rc-local.service -> /usr/lib/systemd/system/rc-local.service.d/debian.conf [EXTENDED] /usr/lib/systemd/system/systemd-fsck-root.service -> /usr/lib/systemd/system/systemd-fsck-root.service.d/10-skip-fsck-initramfs.conf [EXTENDED] /usr/lib/systemd/system/systemd-localed.service -> /usr/lib/systemd/system/systemd-localed.service.d/x11-keyboard.conf [EXTENDED] /usr/lib/systemd/system/systemd-logind.service -> /usr/lib/systemd/system/systemd-logind.service.d/dbus.conf [EXTENDED] /usr/lib/systemd/system/systemd-udevd.service -> /usr/lib/systemd/system/systemd-udevd.service.d/syscall-architecture.conf [EXTENDED] /usr/lib/systemd/system/[email protected] -> /usr/lib/systemd/system/[email protected]/10-login-barrier.conf 7 overridden configuration files found.
Failed to connect to system scope bus via local transport: No such file or directory
Failed to connect to system scope bus via local transport: No such file or directory
==> /var/lib/systemd/deb-systemd-helper-enabled/apt-daily.timer.dsh-also <== /etc/systemd/system/timers.target.wants/apt-daily.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/lvm2-monitor.service.dsh-also <== /etc/systemd/system/sysinit.target.wants/lvm2-monitor.service ==> /var/lib/systemd/deb-systemd-helper-enabled/systemd-networkd.service.dsh-also <== /etc/systemd/system/sockets.target.wants/systemd-networkd.socket /etc/systemd/system/sockets.target.wants/systemd-networkd-varlink.socket /etc/systemd/system/sockets.target.wants/systemd-networkd-resolve-hook.socket /etc/systemd/system/dbus-org.freedesktop.network1.service /etc/systemd/system/sysinit.target.wants/systemd-network-generator.service /etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service /etc/systemd/system/multi-user.target.wants/systemd-networkd.service ==> /var/lib/systemd/deb-systemd-helper-enabled/mdmonitor-oneshot.timer.dsh-also <== /etc/systemd/system/mdmonitor.service.wants/mdmonitor-oneshot.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/cron.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/cron.service ==> /var/lib/systemd/deb-systemd-helper-enabled/systemd-udev-load-credentials.service.dsh-also <== /etc/systemd/system/sysinit.target.wants/systemd-udev-load-credentials.service ==> /var/lib/systemd/deb-systemd-helper-enabled/ssh.socket.wants/sshd-keygen.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/blk-availability.service.dsh-also <== /etc/systemd/system/sysinit.target.wants/blk-availability.service ==> /var/lib/systemd/deb-systemd-helper-enabled/ntpsec-systemd-netif.path.dsh-also <== /etc/systemd/system/network-pre.target.wants/ntpsec-systemd-netif.path ==> /var/lib/systemd/deb-systemd-helper-enabled/sysinit.target.wants/blk-availability.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/sysinit.target.wants/mdadm-shutdown.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/sysinit.target.wants/lvm2-lvmpolld.socket <== ==> /var/lib/systemd/deb-systemd-helper-enabled/sysinit.target.wants/lvm2-monitor.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/ntpd.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/networking.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/networking.service /etc/systemd/system/network-online.target.wants/networking.service ==> /var/lib/systemd/deb-systemd-helper-enabled/mdcheck_start.timer.dsh-also <== /etc/systemd/system/mdmonitor.service.wants/mdcheck_continue.timer /etc/systemd/system/mdmonitor.service.wants/mdcheck_start.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/ssh.socket.dsh-also <== /etc/systemd/system/sockets.target.wants/ssh.socket ==> /var/lib/systemd/deb-systemd-helper-enabled/dm-event.socket.dsh-also <== /etc/systemd/system/sockets.target.wants/dm-event.socket ==> /var/lib/systemd/deb-systemd-helper-enabled/logrotate.timer.dsh-also <== /etc/systemd/system/timers.target.wants/logrotate.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/logrotate.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/ntpsec-rotate-stats.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/e2scrub_all.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/apt-daily.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/apt-daily-upgrade.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/fstrim.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/man-db.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/timers.target.wants/dpkg-db-backup.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/lvm2-lvmpolld.socket.dsh-also <== /etc/systemd/system/sysinit.target.wants/lvm2-lvmpolld.socket ==> /var/lib/systemd/deb-systemd-helper-enabled/ifupdown-wait-online.service.dsh-also <== /etc/systemd/system/network-online.target.wants/ifupdown-wait-online.service ==> /var/lib/systemd/deb-systemd-helper-enabled/network-online.target.wants/networking.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/ntpsec-rotate-stats.timer.dsh-also <== /etc/systemd/system/timers.target.wants/ntpsec-rotate-stats.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/mdmonitor.service.wants/mdcheck_continue.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/mdmonitor.service.wants/mdmonitor-oneshot.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/mdmonitor.service.wants/mdcheck_start.timer <== ==> /var/lib/systemd/deb-systemd-helper-enabled/dpkg-db-backup.timer.dsh-also <== /etc/systemd/system/timers.target.wants/dpkg-db-backup.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/ssh.service.wants/sshd-keygen.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/sshd-keygen.service.dsh-also <== /etc/systemd/system/ssh.service.wants/sshd-keygen.service /etc/systemd/system/sshd.service.wants/sshd-keygen.service /etc/systemd/system/[email protected]/sshd-keygen.service /etc/systemd/system/ssh.socket.wants/sshd-keygen.service ==> /var/lib/systemd/deb-systemd-helper-enabled/sshd.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/man-db.timer.dsh-also <== /etc/systemd/system/timers.target.wants/man-db.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/ntpsec.service.dsh-also <== /etc/systemd/system/ntp.service /etc/systemd/system/ntpd.service /etc/systemd/system/multi-user.target.wants/ntpsec.service ==> /var/lib/systemd/deb-systemd-helper-enabled/fstrim.timer.dsh-also <== /etc/systemd/system/timers.target.wants/fstrim.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/ntp.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/sshd.service.wants/sshd-keygen.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/smartmontools.service.dsh-also <== /etc/systemd/system/smartd.service /etc/systemd/system/multi-user.target.wants/smartmontools.service ==> /var/lib/systemd/deb-systemd-helper-enabled/e2scrub_reap.service.dsh-also <== /etc/systemd/system/multi-user.target.wants/e2scrub_reap.service ==> /var/lib/systemd/deb-systemd-helper-enabled/mdadm-shutdown.service.dsh-also <== /etc/systemd/system/sysinit.target.wants/mdadm-shutdown.service ==> /var/lib/systemd/deb-systemd-helper-enabled/[email protected]/sshd-keygen.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/network-pre.target.wants/ntpsec-systemd-netif.path <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/ntpsec.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/networking.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/cron.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/e2scrub_reap.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/ssh.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/multi-user.target.wants/smartmontools.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/e2scrub_all.timer.dsh-also <== /etc/systemd/system/timers.target.wants/e2scrub_all.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/mdcheck_continue.timer.dsh-also <== /etc/systemd/system/mdmonitor.service.wants/mdcheck_continue.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/smartd.service <== ==> /var/lib/systemd/deb-systemd-helper-enabled/ssh.service.dsh-also <== /etc/systemd/system/sshd.service /etc/systemd/system/multi-user.target.wants/ssh.service ==> /var/lib/systemd/deb-systemd-helper-enabled/apt-daily-upgrade.timer.dsh-also <== /etc/systemd/system/timers.target.wants/apt-daily-upgrade.timer ==> /var/lib/systemd/deb-systemd-helper-enabled/sockets.target.wants/dm-event.socket <== ==> /var/lib/systemd/deb-systemd-helper-enabled/nftables.service.dsh-also <== /etc/systemd/system/sysinit.target.wants/nftables.service
# /etc/fstab: static file system information. # # Use 'blkid' to print the universally unique identifier for a # device; this may be used with UUID= as a more robust way to name devices # that works even if disks are added and removed. See fstab(5). # # systemd generates mount units based on this file, see systemd.mount(5). # Please run 'systemctl daemon-reload' after making changes here. # # <file system> <mount point> <type> <options> <dump> <pass> /dev/mapper/vg00-root / ext4 errors=remount-ro 0 1 # /boot was on /dev/md127 during installation UUID=b9cc43d7-e381-4c11-9a21-6beb7d32b6a7 /boot ext4 defaults 0 2 /dev/mapper/vg00-home /home ext4 defaults 0 2 /dev/mapper/vg00-opt /opt ext4 defaults 0 2 /dev/mapper/vg00-tmp /tmp ext4 defaults 0 2 /dev/mapper/vg00-var /var ext4 defaults 0 2 /dev/mapper/vg00-swap none swap sw 0 0 /dev/sr0 /media/cdrom0 udf,iso9660 user,noauto 0 0
