slackware-current/patches/source/openssh/sshd.pam

#%PAM-1.0
# pam_securetty.so is commented out since sshd already does a good job of
# protecting itself. You may uncomment it if you like, but then you may
# need to add additional consoles to /etc/securetty if you want to allow
# root logins on them, such as: ssh, pts/0, :0, etc
#auth            required        pam_securetty.so
# When using pam_faillock, print a message to the user if the account is
# locked. This lets the user know what is going on, but it also potentially
# gives additional information to attackers:
#auth            requisite       pam_faillock.so preauth
auth            include         system-auth
# To set a limit on failed authentications, the pam_faillock module
# can be enabled. See pam_faillock(8) for more information.
#auth            [default=die]   pam_faillock.so authfail
#auth            sufficient      pam_faillock.so authsucc
auth            include         postlogin
account         required        pam_nologin.so
account         include         system-auth
password        include         system-auth
session         include         system-auth
session         include         postlogin
session         required        pam_loginuid.so
-session        optional        pam_elogind.so
Thu Feb 2 22:52:48 UTC 2023 patches/packages/openssh-9.2p1-x86_64-1_slack15.0.txz: Upgraded. This release contains fixes for two security problems and a memory safety problem. The memory safety problem is not believed to be exploitable, but upstream reports most network-reachable memory faults as security bugs. This update contains some potentially incompatible changes regarding the scp utility. For more information, see: https://www.openssh.com/releasenotes.html#9.0 For more information, see: https://www.openssh.com/releasenotes.html#9.2 (* Security fix *) 2023-02-02 23:52:48 +01:00			`#%PAM-1.0`
			`# pam_securetty.so is commented out since sshd already does a good job of`
			`# protecting itself. You may uncomment it if you like, but then you may`
			`# need to add additional consoles to /etc/securetty if you want to allow`
			`# root logins on them, such as: ssh, pts/0, :0, etc`
			`#auth required pam_securetty.so`
			`# When using pam_faillock, print a message to the user if the account is`
			`# locked. This lets the user know what is going on, but it also potentially`
			`# gives additional information to attackers:`
			`#auth requisite pam_faillock.so preauth`
			`auth include system-auth`
			`# To set a limit on failed authentications, the pam_faillock module`
			`# can be enabled. See pam_faillock(8) for more information.`
			`#auth [default=die] pam_faillock.so authfail`
			`#auth sufficient pam_faillock.so authsucc`
			`auth include postlogin`
			`account required pam_nologin.so`
			`account include system-auth`
			`password include system-auth`
			`session include system-auth`
			`session include postlogin`
			`session required pam_loginuid.so`
			`-session optional pam_elogind.so`