Package: ssh Version: 1:3.8.1p1-3 Severity: normal Hi,
my woody systems routinely run with PasswordAuthenticatio No, so that only ssh keys can be used to log in. When updating one box to sid for testing purposes, /etc/ssh/ssd_config was augmented with "UsePam yes", allowing users to log in using their password. This went unnoticed, unwarned and might introduce a security risk. Please consider setting "UsePam no" on systems that have "Password Authentication No" set on update. Greetings Marc -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.4.26-zgserver Locale: LANG=C, LC_CTYPE=C Versions of packages ssh depends on: ii adduser 3.53 Add and remove users and groups ii debconf 1.4.25 Debian configuration management sy ii dpkg 1.10.21 Package maintenance system for Deb ii libc6 2.3.2.ds1-12 GNU C Library: Shared libraries an ii libpam-modules 0.76-21 Pluggable Authentication Modules f ii libpam-runtime 0.76-21 Runtime support for the PAM librar ii libpam0g 0.76-21 Pluggable Authentication Modules l ii libssl0.9.7 0.9.7d-2 SSL shared libraries ii libwrap0 7.6.dbs-3 Wietse Venema's TCP wrappers libra ii zlib1g 1:1.2.1.1-3 compression library - runtime -- debconf information excluded
