Package: openssh-server Version: 1:10.0p1-7 Severity: important
OpenSSH server new config parameter PAMServiceName does not work and it is completely ignored, and it statically defaults to 'sshd'. This disrupts some functionality and is not backward compatible. Here is how to replicate, assuming a plain-vanilla Debian 13 environment, user logged in as root. - create an /etc/hosts.deny file with content: ALL: ALL - create an /etc/hosts.allow file with content: sshd: 127.0.0.1 sshd2: 127.0.1.1 - modify the file /etc/ssh/sshd_config, adding the line: PAMServiceName sshd2 - restart sshd: # systemctl restart sshd - configure an additional local interface: # ifconfig lo:0 127.0.1.1 - try this: # ssh -B 127.0.1.1 127.0.0.1 >you get: kex_exchange_identification: read: Connection reset by peer Connection reset by 127.0.1.1 and this proves the config parameter PAMServiceName was ignored. Additional notes: The new config parameter also disrupts the previous behavior of sshd, where the PAM service name defaulted to the name of the executable. Before the introduction of the new config parameter, experienced users used to create symbolic links to change the executable name (and so the PAM service name); with the new version their configurations do not work anymore. IMHO it would be more backward compatible if the new implementation would respect the original behavior for default value.
