Package: libpam-ssh
Version: 2.1+ds1-1
If I ssh to a host "unstable", run "ssh localhost" or
"ssh `hostname`", and exit the nested ssh session again, then
the ssh-agent started by pam_ssh at first login time is lost.
Hard to explain. Sample session:
% ssh harri@unstable
% tty
/dev/pts/6
% ps -ef | grep ssh-agen[t]
harri 4824 1 0 13:39 ? 00:00:00 ssh-agent
% ssh localhost
% tty
/dev/pts/7
% ps -ef | grep ssh-agen[t]
harri 4824 1 0 13:39 ? 00:00:00 ssh-agent
% exit
logout
Connection to localhost closed.
% ps -ef | grep ssh-agen[t]
% tty
/dev/pts/6
The result is that I get an ssh-agent just by chance, depending
upon the number of logins and the nesting level.

Here is the pam configuration for ssh.

grep -v ^\# /etc/pam.d/common-auth :
auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_ssh.so use_first_pass
auth optional pam_cap.so
grep -v ^\# /etc/pam.d/common-session :
session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_unix.so
session optional pam_ssh.so
session optional pam_ck_connector.so nox11
egrep -v ^\#\|^\$ /etc/pam.d/sshd :
@include common-auth
account required pam_nologin.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
@include common-session
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
session required pam_env.so # [1]
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@include common-password
Regards
Harri