NetBSD Problem Report #59979

From www@netbsd.org  Sun Feb  8 02:49:05 2026
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "mail.netbsd.org", Issuer "R13" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 31D2D1A923D
	for <gnats-bugs@gnats.NetBSD.org>; Sun,  8 Feb 2026 02:49:05 +0000 (UTC)
Message-Id: <20260208024904.3F5EE1A923E@mollari.NetBSD.org>
Date: Sun,  8 Feb 2026 02:49:04 +0000 (UTC)
From: campbell+netbsd@mumble.net
Reply-To: campbell+netbsd@mumble.net
To: gnats-bugs@NetBSD.org
Subject: sshd -T doesn't print UsePam
X-Send-Pr-Version: www-1.0
X-From4GNATS: "campbell+netbsd@mumble.net via gnats" <gnats-admin@NetBSD.org>

>Number:         59979
>Category:       bin
>Synopsis:       sshd -T doesn't print UsePam
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Feb 08 02:50:00 +0000 2026
>Last-Modified:  Sun Feb 08 18:00:01 +0000 2026
>Originator:     Taylor R Campbell
>Release:        current, 11, 10, 9, ...
>Organization:
>Environment:
>Description:
     -T      Extended test mode.  Check the validity of the configuration
             file, output the effective configuration to stdout and then exit.
             Optionally, Match rules may be applied by specifying the
             connection parameters using one or more -C options.

This works for various options like AuthenticationMethods:

# sshd -T | grep -i authenticationmethods
authenticationmethods publickey
# 

But it doesn't show UsePam:

# sshd -T | grep -i usepam
# 
>How-To-Repeat:
sshd -T
>Fix:
Yes, please!

>Audit-Trail:
From: mlelstv@serpens.de (Michael van Elst)
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: bin/59979: sshd -T doesn't print UsePam
Date: Sun, 8 Feb 2026 07:25:09 -0000 (UTC)

 gnats-admin@NetBSD.org ("campbell+netbsd@mumble.net via gnats") writes:

 ># sshd -T | grep -i usepam
 ># 

 tazz: {7} uname -sr
 NetBSD 11.99.5
 tazz: {1} sudo sshd -T | grep -i pam
 usepam yes
 pamservicename sshd


 Looks like sshd wasn't compiled with USE_PAM (maybe MKPAM=no).

From: Taylor R Campbell <riastradh@NetBSD.org>
To: Michael van Elst <mlelstv@serpens.de>
Cc: gnats-bugs@netbsd.org, netbsd-bugs@NetBSD.org
Subject: Re: bin/59979: sshd -T doesn't print UsePam
Date: Sun, 8 Feb 2026 17:55:29 +0000

 > Date: Sun, 8 Feb 2026 07:25:09 -0000 (UTC)
 > From: mlelstv@serpens.de (Michael van Elst)
 > 
 > ># sshd -T | grep -i usepam
 > ># 
 > 
 > tazz: {7} uname -sr
 > NetBSD 11.99.5
 > tazz: {1} sudo sshd -T | grep -i pam
 > usepam yes
 > pamservicename sshd
 > 
 > Looks like sshd wasn't compiled with USE_PAM (maybe MKPAM=no).

 Nope, this was on hosts with MKPAM=yes.  Perhaps something changed
 between 10 and 11:

 # sshd -T | grep -i usepam
 # head -1 /etc/release
 NetBSD 9.2_STABLE/amd64
 # grep MKPAM /etc/release
                MKPAM = 'yes'

 # sshd -T | grep -i usepam
 # head -1 /etc/release
 NetBSD 10.1_STABLE/amd64
 # grep -i mkpam /etc/release
                MKPAM = 'yes'
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.47 2022/09/11 19:34:41 kim Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2026 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.