Control: forwarded -1 https://github.com/openssh/openssh-portable/pull/433
On Mon, Nov 18, 2024 at 07:51:35AM +0000, Colin Watson wrote: > On Mon, Nov 18, 2024 at 01:11:41AM +0100, Chris Hofstaedtler wrote: > > On Sun, Nov 17, 2024 at 07:02:53AM +0100, Chris Hofstaedtler wrote: > > > * Colin Watson <[email protected]> [241117 00:32]: > > > > Control: forwarded -1 > > > > https://github.com/openssh/openssh-portable/pull/403 > > > > While reading up on this I ran across > > > > https://github.com/openssh/openssh-portable/pull/403, whose description > > > > sounds like the same thing. > > > > > > Possible > > > > I've now read up on the PR, and I think it will not solve the > > problem. Having the session recorded in wtmpdb is nice, but we > > already have pam_wtmpdb for that. > > > > who(1) talks to logind for getting currently logged in sessions. > > wtmpdb is irrelevant for this. > > Fair enough. > > > > If PAM knows about the tty, pam_systemd.so and pam_wtmpdb.so should > > > hopefully just record it. > > > > We need that part to work (again?). > > I suspect this may be related to PAM_TTY_KLUDGE, then > (https://anongit.mindrot.org/openssh.git/tree/auth-pam.c#n760). Maybe > as well as setting a kludged PAM_TTY for pam_auth, sshd needs to set a > proper one for pam_session? I think so? Is it easy for you to build an sshd that does this? The last time I looked at the openssh code trying to understand where this might need to be patched in I got lost very quickly. I just found another upstream PR, which would directly talk to logind. Upstream doesn't seem to like it: https://github.com/openssh/openssh-portable/pull/433 Chris
