[Bug 2012298] Re: PasswordAuthenticaion in sshd_config.d

Lena Voytek 2012298 at bugs.launchpad.net
Fri Mar 24 16:29:30 UTC 2023 

Thanks for the update! I managed to reproduce this on my end:

$ lxc launch images:ubuntu/focal test-ssh-focal
$ lxc exec test-ssh-focal bash

# apt update && apt upgrade -y
# apt install openssh-server
# adduser user

> ssh into container from another terminal to show pw auth is available
by default:

$ ssh user@<container-ip>
user@<container-ip>'s password:

> Update /etc/ssh/sshd_config with the following in first terminal

Match User user
  PasswordAuthentication No
Match All

# systemctl restart sshd

> Check again in other terminal

$ ssh user@<container-ip>
user@<container-ip>: Permission denied (publickey).

> Now remove the lines from /etc/ssh/sshd_config and add them to
/etc/ssh/sshd_config.d/username.conf

# systemctl restart sshd

> Check if the other config worked in other terminal (it does not)

$ ssh user@<container-ip>
user@<container-ip>'s password:


I did, however, confirm this works for Jammy and Kinetic, so this is a Focal-specific issue. Marking as such




** Also affects: openssh (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: openssh (Ubuntu)
       Status: Incomplete => Fix Released

** Changed in: openssh (Ubuntu Focal)
       Status: New => Confirmed

** Tags added: server-todo

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2012298

Title:
  PasswordAuthenticaion in sshd_config.d

Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Focal:
  Confirmed

Bug description:
  The stanza
  Match User <username>
  	PasswordAuthentication no

  in /etc/ssh/sshd_config works as expected.

  The same stanza in /etc/ssh/sshd_config.d/username.conf does not work.

  The Include in /etc/ssh/sshd_config is not commented out, and

  /usr/sbin/sshd -D -ddd

  shows the username.config file being parsed.

  ProblemType: Bug
  DistroRelease: Ubuntu 20.04
  Package: openssh-server 1:8.2p1-4ubuntu0.5
  ProcVersionSignature: Ubuntu 5.4.0-131.147-generic 5.4.210
  Uname: Linux 5.4.0-131-generic x86_64
  NonfreeKernelModules: falcon_lsm_serviceable falcon_nf_netcontain falcon_kal falcon_lsm_pinned_14713
  ApportVersion: 2.20.11-0ubuntu27.25
  Architecture: amd64
  CasperMD5CheckResult: skip
  Date: Mon Mar 20 13:34:14 2023
  InstallationDate: Installed on 2022-11-04 (136 days ago)
  InstallationMedia:
   
  SSHDConfig: Error: command ['pkexec', '/usr/sbin/sshd', '-T'] failed with exit code 127: pkexec must be setuid root
  SourcePackage: openssh
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2012298/+subscriptions

More information about the foundations-bugs mailing list