#172951 ssh: using [action=N] syntax in pam config breaks, but other apps handle it fine

Package:
openssh-server
Source:
openssh
Description:
secure shell (SSH) server, for secure access from remote machines
Submitter:
Derrik Pates
Date:
2025-08-17 17:47:06 UTC
Severity:
normal
Tags:
#172951#5
Date:
2002-12-13 21:41:50 UTC
From:
To:
When setting up a PAM config for ssh that can authenticate from more
than one source (like, local passwd/shadow flatfile and say, an LDAP
server), only the first will actually work. If any other modules, of any
kind, are called after the first auth module that actually accepts a
password, a PAM_PERM_DENIED error is returned. It works OK if I qualify
the first auth module with 'sufficient' or use the [] syntax to specify
'success=done', but otherwise it doesn't work at all. The same
configuration works fine with login, vsftpd, and other services.