Package: libpam-ssh Version: 2.3+ds-2 Severity: critical Justification: breaks unrelated software
Dear Maintainer, I configured and used the ssh-key forwarding of openssh. The mere installation of libpam-ssh on the client machine breaks the functionality of agent-forwarding in openssh: The reason for this is that libpam-ssh launches its own ssh-agent instead of respecting the forward. I have a server with an ssh-agent running and charged with the keys. Server and clients are configured to forward the agent ("ForwardAgent yes" in the config files). This is done by setting the environment variable SSH_AUTH_SOCK appropriately. I can then log from one client to the next, and the key requests are forwarded to the server. On the client machine with libpam-ssh installed, however, this functionality is broken: Instead of forwarding the agent from the server, it sets the environment variables SSH_AUTH_PID and SSH_AUTH_SOCK then point to the freshly started ssh-agent on the client, which has no keys charged. Thus, the login to the next client fails. -- System Information: Debian Release: 11.0 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 5.10.0-8-amd64 (SMP w/16 CPU threads) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libpam-ssh depends on: ii libc6 2.31-13 ii libpam-runtime 1.4.0-9 ii libpam0g 1.4.0-9 ii libssl1.1 1.1.1k-1+deb11u1 Versions of packages libpam-ssh recommends: ii libpam-tmpdir 0.09+b2 ii openssh-client [ssh-client] 1:8.4p1-5 libpam-ssh suggests no packages. -- no debconf information