Package: openssh-server Version: 1:6.6p1-6 Severity: normal Tags: patch Dear Maintainer,
Customizing a dynamic MOTD in /etc/update-motd.d does not work as expected. As a simple testcase, create a script there that simply runs "date". Upon login, the date of the *previous* login, not the current date, will get printed. The problem is in /etc/pam.d/sshd (or debian/openssh-server.sshd.pam.in in the source). The flag "noupdate" ought to be passed to the *second* call to pam_motd.so, not the *first* as is currently done. The buggy behavior happens as follows, tracing through the pam file: 1. session optional pam_motd.so motd=/run/motd.dynamic noupdate a. This will not change /run/motd.dynamic (due to the "noupdate" flag) b. This will will then cat the unchanged /run/motd.dynamic (the file specified by the motd= flag) 2. session optional pam_motd.so # [1] a. This will change /run/motd.dynamic (this path is hardcoded into PAM). b. This will cat /etc/motd (the default file hardcoded into the source) The changed /run/motd.dynamic is NOT displayed in step 2, but it will get displayed on the next login in step 1.a. The attached patch fixes the problem. The following system information below as collected by reportbug is inaccurate; the bug report above reflects the head of the Debian source repository. git://anonscm.debian.org/pkg-ssh/openssh.git -- System Information: Debian Release: 7.6 APT prefers stable APT policy: (990, 'stable'), (500, 'stable-updates') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages openssh-server depends on: ii adduser 3.113+nmu3 ii debconf [debconf-2.0] 1.5.49 ii dpkg 1.16.15 ii libc6 2.13-38+deb7u3 ii libcomerr2 1.42.5-1.1 ii libgssapi-krb5-2 1.10.1+dfsg-5+deb7u1 ii libkrb5-3 1.10.1+dfsg-5+deb7u1 ii libpam-modules 1.1.3-7.1 ii libpam-runtime 1.1.3-7.1 ii libpam0g 1.1.3-7.1 ii libselinux1 2.1.9-5 ii libssl1.0.0 1.0.1e-2+deb7u11 ii libwrap0 7.6.q-24 ii lsb-base 4.1+Debian8+deb7u1 ii openssh-client 1:6.0p1-4+deb7u2 ii procps 1:3.3.3-3 ii zlib1g 1:1.2.7.dfsg-13 Versions of packages openssh-server recommends: ii ncurses-term 5.9-10 ii openssh-blacklist 0.4.1+nmu1 ii openssh-blacklist-extra 0.4.1+nmu1 ii xauth 1:1.0.7-1 Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> pn rssh <none> pn ssh-askpass <none> pn ufw <none> -- debconf-show failed
--- openssh/debian/openssh-server.sshd.pam.in 2014-08-04 19:48:08.159979937 -0400 +++ openssh/debian/openssh-server.sshd.pam.in 2014-08-04 19:48:08.159979937 -0400 @@ -30,8 +30,8 @@ # Print the message of the day upon successful login. # This includes a dynamically generated part from /run/motd.dynamic # and a static (admin-editable) part from /etc/motd. -session optional pam_motd.so motd=/run/motd.dynamic noupdate -session optional pam_motd.so # [1] +session optional pam_motd.so motd=/run/motd.dynamic +session optional pam_motd.so noupdate # Print the status of the user's mailbox upon successful login. session optional pam_mail.so standard noenv # [1]
