[Bug 2059859] Re: pam_env(sshd:session): deprecated reading of user environment enabled

Andreas Hasenack 2059859 at bugs.launchpad.net
Wed Apr 10 18:07:38 UTC 2024 

Fixing this in noble at this time will require a feature freeze
exception, because we would be changing behavior.

The default for user_readenv in pam_env is 0 (off). In the sshd config,
ubuntu/debian ship a pam config that sets it to on (1), therefore
~/.pam_environment will be read if it exists.

Upstream has flagged that this feature (of reading user-provided env var
files) will be removed in the future, and is thus catching the setting
of user_readenv=1 and showing the deprecation notice warning. To get rid
of the warning, we have to stop setting user_readenv=1, which will
*disable* the feature. Meaning, in noble, if we make this change,
~/.pam_environment (or the file specified by user_envfile) will NOT be
read anymore.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/2059859

Title:
  pam_env(sshd:session): deprecated reading of user environment enabled

Status in openssh package in Ubuntu:
  Triaged

Bug description:
  Ubuntu 24.04 / openssh-server/noble-updates 1:9.6p1-3ubuntu3

  sshd complains about "deprecated reading of user environment".

  This should have been solved upstream, as far as I understand:
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018106

  Enclosed /etc/pam.d/sshd file is amended according to the debian bug
  report.

  ProblemType: Bug
  DistroRelease: Ubuntu 24.04
  Package: openssh-server 1:9.6p1-3ubuntu3
  ProcVersionSignature: Ubuntu 6.8.0-11.11-generic 6.8.0-rc4
  Uname: Linux 6.8.0-11-generic x86_64
  ApportVersion: 2.28.0-0ubuntu1
  Architecture: amd64
  CasperMD5CheckResult: unknown
  Date: Sun Mar 31 11:56:25 2024
  ProcEnviron:
   LANG=de_DE.UTF-8
   PATH=(custom, no user)
   SHELL=/bin/bash
   TERM=xterm-256color
   XDG_RUNTIME_DIR=<set>
  SourcePackage: openssh
  UpgradeStatus: No upgrade log present (probably fresh install)
  modified.conffile..etc.init.d.apport: [modified]
  mtime.conffile..etc.init.d.apport: 2024-02-22T15:20:00
  mtime.conffile..etc.pam.d.sshd: 2024-03-31T11:56:12.949543

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/2059859/+subscriptions

More information about the foundations-bugs mailing list