Commit 39c7929c authored by Thomas Gerbet's avatar Thomas Gerbet
Browse files

openssh: disable memlocking when building with PAM support 

With the current OpenSSH version it can result in some crashes
preventing users to log in.

Upstream issue: https://bugzilla.mindrot.org/show_bug.cgi?id=3822

For reference Debian also disabled it for now:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103418
parent aeb017b5

pkgs/tools/networking/openssh/common.nix

+3 −1
Original line number Diff line number Diff line
@@ -37,7 +37,9 @@ 
  withFIDO ? stdenv.hostPlatform.isUnix && !stdenv.hostPlatform.isMusl && withSecurityKey,

  withPAM ? stdenv.hostPlatform.isLinux,

  # Attempts to mlock the entire sshd process on startup to prevent swapping.

  withLinuxMemlock ? stdenv.hostPlatform.isLinux,

  # Currently disabled when PAM support is enabled due to crashes

  # See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1103418

  withLinuxMemlock ? (stdenv.hostPlatform.isLinux && !withPAM),

  linkOpenssl ? true,

  isNixos ? stdenv.hostPlatform.isLinux,

}: