• why does PAM authentication (seem to) work without PAM service file ?

    From Thomas Fazekas@21:1/5 to All on Thu Apr 15 05:54:55 2021
    Dears,

    the other day I wanted to set up an sftp service that I want to keep separate from the standard ssh service (which in my case is the one provided by Ubuntu 20.04).
    Accordingly I've recompiled the OpenSSH sources with : "./configure --prefix=/opt/openssh-8.5p1 --with-pam --with-pam-service=sshcd"

    "sshcd" - in my case representing SSH Custom Daemon.

    Now, the authentication is supposed to happen via LDAP so on purpose I did NOT provide any sshcd.conf file in /etc/pam.d/ folder, expecting that, at least in the beginning, I will not be able to log in to my shiny new ssh daemon.

    To my surprise username/password authentication works, and what's even more puzzling is that if I look in the log I can even see it using pam modules:
    ...
    [Apr 15 14:50:14][vm-1][authpriv][sshcd[2191]:][info] pam_unix(sshcd:session): session opened for user test1 by (uid=0)
    ...
    there are more pam related logs so clearly my service is using some pam modules without me providing any configuration.

    Again, there is no /etc/pam.d/sshcd.conf
    Is there an explanation for this ?

    Right now I'm worried about what else works without me wanting it to work ;)

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Thomas Fazekas@21:1/5 to Thomas Fazekas on Thu Apr 15 07:35:13 2021
    After digging some more in the PAM documentation I believe I've found the answer to my question : http://www.linux-pam.org/Linux-PAM-html/sag-configuration-file.html
    Excerpt : "The service-name, other, is reserved for giving default rules."

    /etc/pam.d/other - specify the PAM fallback behaviour. This file is used for any unspecified service

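
The fallback described in the thread can be checked per service name. The script below is an added example, not part of either post and not OpenSSH or Linux-PAM code: it reports whether a service resolves to its own file or to `other` in a pam.d-style directory, and whether the resulting stack contains anything besides `pam_deny`/`pam_warn`. The function names are hypothetical, the sample files are constructed (modelled on the Debian/Ubuntu layout, where `other` pulls in the `common-*` stacks via `@include`), and the directory is passed as an argument so the check can be pointed at `/etc/pam.d` or a copy of it.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample files are constructed.
# Linux-PAM reads <dir>/<service> (no suffix) and uses <dir>/other when it is absent.

# Print the file consulted for service $2 in pam.d-style directory $1.
pam_service_file() {
  if [ -f "$1/$2" ]; then echo "$1/$2"
  elif [ -f "$1/other" ]; then echo "$1/other"
  else return 1
  fi
}

# Print the rules of file $2, dropping comments and expanding "@include NAME".
pam_rules() {
  local dir="$1" file="$2" first rest
  [ -f "$file" ] || return 0
  while read -r first rest || [ -n "$first" ]; do
    case "$first" in
      ''|'#'*) ;;
      @include) pam_rules "$dir" "$dir/$rest" ;;
      *) printf '%s\n' "$first $rest" ;;
    esac
  done < "$file"
}

# Print "own|fallback" and "open|locked" (locked = only pam_deny/pam_warn rules).
pam_audit() {
  local dir="$1" svc="$2" f src state=locked
  f=$(pam_service_file "$dir" "$svc") || { echo none; return 1; }
  [ "$f" = "$dir/$svc" ] && src=own || src=fallback
  if pam_rules "$dir" "$f" | grep -Evq 'pam_(deny|warn)\.so'; then state=open; fi
  echo "$src $state"
}

# Constructed sample tree: "other" pulls in the common-* stacks, as on Ubuntu.
make_sample() {
  local d; d=$(mktemp -d)
  printf '%s\n' '@include common-auth' '@include common-session' > "$d/other"
  printf '%s\n' 'auth [success=1 default=ignore] pam_unix.so nullok' \
    'auth requisite pam_deny.so' 'auth required pam_permit.so' > "$d/common-auth"
  printf '%s\n' 'session required pam_unix.so' > "$d/common-session"
  echo "$d"
}

d=$(make_sample)
pam_audit "$d" sshcd                       # fallback open
printf '%s\n' 'auth required pam_deny.so' 'session required pam_deny.so' > "$d/other"
pam_audit "$d" sshcd                       # fallback locked
rm -rf "$d"
```

Running `pam_audit /etc/pam.d <service>` for every `--with-pam-service` name in use shows which daemons are silently inheriting the `other` stack.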