When a PAM auth module calls through the pam_conv to display a non-prompt message just before it returns PAM_AUTH_ERR, sshd gets the message text and appends it to a banner buffer to be sent later at session startup. The problem is that because authentication fails, the buffer is never sent, meaning the important message from the auth module never makes it to the user client.
Created attachment 894 [details] send output from pam modules as info text Please try this patch (against -current but may apply to earlier versions). I'm not sure it does the right thing in all cases, though, so it want looking at pretty carefully.
Does the attached patch fix the issue you're seeing?
(In reply to comment #2) > Does the attached patch fix the issue you're seeing? Yes. It has been in the vintela-openssh patches for about 2 months now and seems pretty stable.
In that case unless there are any objections I will apply it to the main tree. Thanks.
Patch in attachment #894 [details] has been applied to both -HEAD and 4.2 branch. Thanks all.
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.