[clug] SSH + PAM

Robert Edwards bob at cs.anu.edu.au
Wed Jan 2 23:47:26 GMT 2008

Thanks Sam and Brad - this looks like the Right Way, but, alas, I am
running on Debian "etch", which appears to have inherited (in the Debian
way) the hardcoded PAM service name (ssh) from the "woody" days. No idea
why. The main evidence is that the normal executable is "/usr/sbin/sshd"
and the PAM service Debian uses is called "ssh" (and not "sshd").

Looks like I'll need to recompile it. Wonder what else will break...


Bob Edwards.

Sam Couter wrote:
> Robert Edwards <bob at cs.anu.edu.au> wrote:
>> Option 1: two instances of SSH with different config files, one
>> listening on the internal interface/IP address and the other on the
>> other. But both need "UsePAM", so how do I tell PAM which SSH is which?
> Googling for "ssh pam service name" found me this:
> http://marc.info/?l=openssh-unix-dev&m=104871124912817&w=2
> Two-second summary is to run sshd with a different program name, either
> through your own wrapper that uses execl() with a different argv[0], or
> through a symlink.
> There could be a problem though, depending on your distribution:
> http://osdir.com/ml/network.openssh.devel/2003-04/msg00093.html
> says that Debian woody is built with a hard-coded PAM service name that
> can't be changed using the aforementioned method.
> If that's the case for your distribution, it's not hard to build yourself
> a custom package without that configure option.

More information about the linux mailing list