Wind River Support Network


LIN6-9420 : wrlinux 6 - openssh pam support

Created: Feb 11, 2015    Updated: Dec 3, 2018
Resolved Date: Mar 2, 2015
Found In Version:
Fix Version:
Severity: Standard
Applicable for: Wind River Linux 6
Component/s: Userspace


in wrlinux 4.3, when openssh was compiled with pam support, in the sshd_config file, PAM was used by default as an authentication method:

UsePAM yes

on wrlinux 6, even though the openssh package is being compiled with pam support:

--build=x86_64-linux --host=i586-wrs-linux --target=i586-wrs-linux --prefix=/usr --exec_prefix=/usr --bindir=/usr/bin --sbindir=/usr/sbin --libexecdir=/usr/lib/openssh --datadir=/usr/share --sysconfdir=/etc --sharedstatedir=/com --localstatedir=/var --libdir=/usr/lib --includedir=/usr/include --oldincludedir=/usr/include --infodir=/usr/share/info --mandir=/usr/share/man --disable-silent-rules --disable-dependency-tracking --with-libtool-sysroot=/home/stef/workspace/wrl6_qemu/bitbake_build/tmp/sysroots/qemux86 --with-rand-helper=no --with-pam --without-zlib-version-check --with-privsep-path=/var/run/sshd --sysconfdir=/etc/ssh --with-xauth=/usr/bin/xauth --with-tcp-wrappers

the PAM option is not enabled in the sshd_config file:

# Set this to 'yes' to enable PAM authentication, account processing, 
# and session processing. If this is enabled, PAM authentication will 
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication.  Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
PermitRootLogin yes
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no

Steps to Reproduce

configure a wrlinux 6 project based on standard kernel/rootfs (any BSP)


check the etc/ssh/sshd_config file

Other Downloads

Live chat