Package: openssh-server Version: 1:8.4p1-5 Severity: normal Dear Maintainer,
After upgrading from Buster to Bullseye, I've noticed that $MAIL variable is not set when one logs in via ssh, but is set when one logs in on TTY. I don't think it was an intended behaviour. I've looked through the possible places where it could be set and found out that it was previously set in /etc/login.defs, but now is governed by PAM. Further investigation showed that PAM configuration for sshd which resides in /etc/pam.d/sshd has the line session optional pam_mail.so standard noenv # [1] I've changed it to session optional pam_mail.so standard # [1] and now the $MAIL is set again. Searching for the reason to set `noenv' there led me to this bug in BTS: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=58429 In this bug it was reported that there were multiple non-informative entries in auth.log if `noenv` was not enabled, but the bug was filed more than 20 years ago, so I've checked if it is still the case. Apparently it is not, the only new lines in auth.log are Sep 1 19:42:14 laptop sshd[28790]: Accepted publickey for sqrt from 127.0.0.1 port 50194 ssh2: RSA SHA256:oCn47IKkSvC9WS1aUl52hD0UYsVtDT80s9pFDETWac0 Sep 1 19:42:14 laptop sshd[28790]: pam_unix(sshd:session): session opened for user sqrt(uid=1000) by (uid=0) So I suggest we revert this `noenv' option as the reason for its existing is gone and it causes problems like the one I'm filing this bug about. Thanks in advance! -- System Information: Debian Release: 11.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Kernel: Linux 5.10.0-8-686 (SMP w/4 CPU threads) Kernel taint flags: TAINT_WARN Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages openssh-server depends on: ii adduser 3.118 ii debconf [debconf-2.0] 1.5.77 ii dpkg 1.20.9 ii libaudit1 1:3.0-2 ii libc6 2.31-13 ii libcom-err2 1.46.2-2 ii libcrypt1 1:4.4.18-4 ii libgssapi-krb5-2 1.18.3-6 ii libkrb5-3 1.18.3-6 ii libpam-modules 1.4.0-9 ii libpam-runtime 1.4.0-9 ii libpam0g 1.4.0-9 ii libselinux1 3.1-3 ii libssl1.1 1.1.1k-1 ii libsystemd0 247.3-6 ii libwrap0 7.6.q-31 ii lsb-base 11.1.0 ii openssh-client 1:8.4p1-5 ii openssh-sftp-server 1:8.4p1-5 ii procps 2:3.3.17-5 ii runit-helper 2.10.3 ii ucf 3.0043 ii zlib1g 1:1.2.11.dfsg-2 Versions of packages openssh-server recommends: pn default-logind | logind | libpam-systemd <none> pn ncurses-term <none> ii xauth 1:1.1-1 Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> pn ssh-askpass <none> pn ufw <none> -- Configuration Files: /etc/pam.d/sshd changed: @include common-auth account required pam_nologin.so @include common-account session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close session required pam_loginuid.so session optional pam_keyinit.so force revoke @include common-session session optional pam_motd.so motd=/run/motd.dynamic session optional pam_motd.so noupdate session optional pam_mail.so standard # [1] session required pam_limits.so session required pam_env.so # [1] session required pam_env.so user_readenv=1 envfile=/etc/default/locale session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open @include common-password -- debconf-show failed