Because a failure in do_pam_session causes an immediate fatal(), the connection exits uncleanly, eg, with the following PAM config: session required pam_motd.so motd=/etc/mynologin session required pam_deny.so Attempting to log in will result in: testuser@localhost's password: Read from remote host localhost: Connection reset by peer Connection to localhost closed.
Created attachment 678 [details] If do_pam_session fails, end output to user then close session. Patch to fix. If a PAM session module fails, this is what happens: $ ssh testuser@localhost testuser@localhost's password: No user logins right now. Connection to localhost closed.
Created attachment 679 [details] Make work for privsep=no too
Comment on attachment 679 [details] Make work for privsep=no too ok
Thanks, applied.
Change all RESOLVED bug to CLOSED with the exception of the ones fixed post-4.4.