Bug#1018106: sshd: pam_env(sshd:session): deprecated reading of user environment enabled

Francois Mescam

Aug 25, 2022, 2:10:05 PM
Package: openssh-server
Version: 1:9.0p1-1+b1
Severity: normal

Dear Maintainer,

Each time an ssh session begins, I get the following in the log on the server:
sshd: pam_env(sshd:session): deprecated reading of user environment enabled

This has been happening since today, after libpam-modules and libpam-runtime were
upgraded to 1.5.2-2.

I don't know how to solve this; perhaps a modification in
/etc/pam.d/sshd, but what should I do?

Regards

François

-- System Information:
Debian Release: bookworm/sid
APT prefers testing
APT policy: (900, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.18.0-4-amd64 (SMP w/8 CPU threads; PREEMPT)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-server depends on:
ii adduser 3.123
ii debconf [debconf-2.0] 1.5.79
ii dpkg 1.21.9
ii init-system-helpers 1.64
ii libaudit1 1:3.0.7-1+b1
ii libc6 2.34-4
ii libcom-err2 1.46.5-2
ii libcrypt1 1:4.4.28-2
ii libgssapi-krb5-2 1.20-1
ii libkrb5-3 1.20-1
ii libpam-modules 1.5.2-2
ii libpam-runtime 1.5.2-2
ii libpam0g 1.5.2-2
ii libselinux1 3.4-1+b1
ii libssl3 3.0.5-2
ii libsystemd0 251.3-1
ii libwrap0 7.6.q-31
ii lsb-base 11.2
ii openssh-client 1:9.0p1-1+b1
ii openssh-sftp-server 1:9.0p1-1+b1
ii procps 2:3.3.17-7+b1
ii runit-helper 2.14.1
ii ucf 3.0043
ii zlib1g 1:1.2.11.dfsg-4.1

Versions of packages openssh-server recommends:
ii libpam-systemd [logind] 251.3-1
ii ncurses-term 6.3+20220423-2
ii xauth 1:1.1.1-1

Versions of packages openssh-server suggests:
ii ksshaskpass [ssh-askpass] 4:5.25.4-1
pn molly-guard <none>
pn monkeysphere <none>
pn ufw <none>

-- debconf information:
openssh-server/password-authentication: true
openssh-server/permit-root-login: false

nick black

Feb 1, 2023, 4:50:04 AM
the cause of this output is the following line in /etc/pam.d/sshd:

# In Debian 4.0 (etch), locale-related environment variables were moved to
# /etc/default/locale, so read that as well.
session required pam_env.so user_readenv=1 envfile=/etc/default/locale

i'm guessing from the comment that user_readenv=1 is in place
primarily to allow overrides of the default locale? etch was
quite some time ago, possibly preceding support for SendEnv?
that seems sufficient workaround if user_readenv is deprecated,
but this is all speculative.

Richard van den Berg

Jun 30, 2023, 10:30:05 AM
On Wed, 1 Feb 2023 04:43:07 -0500 nick black <dankam...@gmail.com> wrote:
> the cause of this output is the following line in /etc/pam.d/sshd:
>
> # In Debian 4.0 (etch), locale-related environment variables were moved to
> # /etc/default/locale, so read that as well.
> session required pam_env.so user_readenv=1 envfile=/etc/default/locale
>
> i'm guessing from the comment that user_readenv=1 is in place
> primarily to allow overrides of the default locale?

Indeed. Removing "user_readenv=1" from that line fixes the warning.

> etch was
> quite some time ago, possibly preceding support for SendEnv?
> that seems sufficient workaround if user_readenv is deprecated,
> but this is all speculative.

The comment for etch is about "envfile=/etc/default/locale" which is
read regardless of the user_readenv setting. See the man page for pam_env.

Kind regards,

Richard van den Berg
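
The following is an added example, not code from the thread or from the Debian packaging: it reports active pam_env.so lines that still carry user_readenv=1 and prints the file with that option dropped while keeping envfile=, which is the change described in the reply above. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PAM service file for the
# deprecated pam_env option user_readenv=1 and print a corrected copy.

# Print "FILE:LINENO:LINE" for each active pam_env.so line with user_readenv=1.
find_user_readenv() {
    awk -v f="$1" '
        /^[ \t]*#/ { next }                  # commented-out lines are inert
        /pam_env\.so/ {
            for (i = 1; i <= NF; i++)
                if ($i == "user_readenv=1") { print f ":" NR ":" $0; break }
        }' "$1"
}

# Print FILE with user_readenv=1 dropped from active pam_env.so lines.
# Other options such as envfile= are kept. Only lines that carried the option
# are rewritten (re-joined with single spaces); all others pass through as-is.
strip_user_readenv() {
    awk '
        /^[ \t]*#/ || !/pam_env\.so/ { print; next }
        {
            out = ""; hit = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "user_readenv=1") { hit = 1; continue }
                out = out (out == "" ? "" : " ") $i
            }
            print (hit ? out : $0)
        }' "$1"
}

# Constructed sample: line 4 is the line quoted in the thread.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not a real /etc/pam.d/sshd
session    required     pam_env.so
# session  required     pam_env.so user_readenv=1
session    required     pam_env.so user_readenv=1 envfile=/etc/default/locale
EOF
}

sample=$(mktemp)
make_sample "$sample"
find_user_readenv "$sample"      # reports line 4 only
strip_user_readenv "$sample"     # same file, option removed on line 4
rm -f "$sample"
```

To check a host, call find_user_readenv on each file under /etc/pam.d and compare the output of strip_user_readenv with the original before replacing it.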