Control: reassign 1038151 openssh-client

On Wed, Jun 18, 2025 at 11:04:05AM +0100, Colin Watson wrote:

On Wed, Jun 18, 2025 at 10:28:41AM +0100, Simon McVittie wrote:

On Fri, 16 Jun 2023 at 02:43:29 +0200, Alban Browaeys wrote:

I cannot login anymore via ssh.
I have the openemediavault installed on this box to manage the setup and it set AllowGroups to "root ssh" in /etc/ssh/sshd_config.

...

After the request from a user to rename the "ssh" group to free it for its
own use, the "ssh" group was rename to "_ssh" in https://salsa.debian.org/ssh-team/openssh/-/commit/18da782ebe789d0cf107a550e474ba6352e68911

But other users as in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990456#35 or tools to manage Debian have come to rely on this "ssh" group.

I believe the openssh maintainers' position on this would be that the
ssh group was never intended to have ordinary users added to it, and therefore this would be a bug in "openemediavault", which seems to be third-party software that is not included in Debian?

This is correct. I 100% intended the group to be for internal use only.

I agree with the sentiment of this bug that it perhaps would have been worth documenting in the release notes, but I didn't have time; and since bookworm's release is now receding in the rear-view mirror, perhaps this has been overtaken by events? It's probably still worth documenting somewhere, although as you say:

Unfortunately, /etc/group doesn't have a mechanism for pointing to documentation about the intended purpose of a group, so it's easy for a sysadmin or a piece of third-party software to start using a group for
an unintended purpose, and I think that's what has happened here.

... so I don't know exactly where.

I agree it should not be in trixie's release notes. As this is now
mostly an openssh "issue", I'm reassigning it.

Maybe it should be in openssh-client's README.Debian?

Chris

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)