Package: libpam-ssh
Version: 2.3+ds-2
Severity: critical
Justification: breaks unrelated software

Dear Maintainer,

I configured and used the ssh-key forwarding of openssh. The mere installation
of libpam-ssh on the client machine breaks the functionality of
agent-forwarding in openssh: The reason for this is that libpam-ssh launches
its own ssh-agent instead of respecting the forward.

I have a server with an ssh-agent running and charged with the keys. Server and
clients are configured to forward the agent ("ForwardAgent yes" in the config
files). This is done by setting the environment variable SSH_AUTH_SOCK
appropriately. I can then log in from one client to the next, and the key
requests are forwarded to the server. On the client machine with libpam-ssh
installed, however, this functionality is broken: Instead of forwarding the
agent from the server, it sets the environment variables SSH_AUTH_PID and
SSH_AUTH_SOCK, which then point to the freshly started ssh-agent on the client,
which has no keys
charged. Thus, the login to the next client fails.


-- System Information:
Debian Release: 11.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-8-amd64 (SMP w/16 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libpam-ssh depends on:
ii  libc6           2.31-13
ii  libpam-runtime  1.4.0-9
ii  libpam0g        1.4.0-9
ii  libssl1.1       1.1.1k-1+deb11u1

Versions of packages libpam-ssh recommends:
ii  libpam-tmpdir                0.09+b2
ii  openssh-client [ssh-client]  1:8.4p1-5

libpam-ssh suggests no packages.

-- no debconf information
