sshd.rhel configuration #502

New issue

Closed

opened 2026-05-07 00:21:13 +02:00 by BreizhHardware · 0 comments

BreizhHardware commented

2026-05-07 00:21:13 +02:00

Owner

📋 Pull Request Information

Original PR: https://github.com/ovh/the-bastion/pull/464
Author: @codyro
Created: 4/6/2024
Status: ✅ Merged
Merged: 4/8/2024
Merged by: @speed47

Base: master ← Head: rhel9-sshd-pam

📝 Commits (1)

e8a9258 Adjust etc/pam.d/sshd.rhel configuration

📊 Changes

1 file changed (+2 additions, -1 deletions)

View changed files

📝 etc/pam.d/sshd.rhel (+2 -1)

📄 Description

Due to pam_tally2.so not being readily available in RHEL/derivatives (base/EPEL), it was commented out of the pam.d/sshd template used for RHEL. However, this change didn't take into account the pam_succeed_if.so module skipping a specific number of rules, and commenting out this rule without adjusting the default= line caused strange behavior in certain configurations.

I adjusted the default= line to account for this and added a verbose comment to the template for future people.

The templates for the other distributions look fine.

Signed-off-by: Cody Robertson <cody@nerdymuffin.com>

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/ovh/the-bastion/pull/464 **Author:** [@codyro](https://github.com/codyro) **Created:** 4/6/2024 **Status:** ✅ Merged **Merged:** 4/8/2024 **Merged by:** [@speed47](https://github.com/speed47) **Base:** `master` ← **Head:** `rhel9-sshd-pam` --- ### 📝 Commits (1) - [`e8a9258`](https://github.com/ovh/the-bastion/commit/e8a9258cc98dee36a30f43a0a20a0145efeca8ac) Adjust etc/pam.d/sshd.rhel configuration ### 📊 Changes **1 file changed** (+2 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `etc/pam.d/sshd.rhel` (+2 -1) </details> ### 📄 Description Due to `pam_tally2.so` not being readily available in RHEL/derivatives (base/EPEL), it was commented out of the `pam.d/sshd` template used for RHEL. However, this change didn't take into account the `pam_succeed_if.so` module skipping a specific number of rules, and commenting out this rule without adjusting the `default=` line caused strange behavior in certain configurations. I adjusted the `default=` line to account for this and added a verbose comment to the template for future people. The templates for the other distributions look fine. `Signed-off-by: Cody Robertson <cody@nerdymuffin.com>` --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>