Package: libpam-ssh
Version: 2.1+ds1-1

If I ssh to a host "unstable", run "ssh localhost" or "ssh `hostname`", and exit the nested ssh session again, then the ssh-agent started by pam_ssh at first login time is lost. Hard to explain. Sample session:

% ssh harri@unstable
% tty
/dev/pts/6
% ps -ef | grep ssh-agen[t]
harri 4824 1 0 13:39 ? 00:00:00 ssh-agent
% ssh localhost
% tty
/dev/pts/7
% ps -ef | grep ssh-agen[t]
harri 4824 1 0 13:39 ? 00:00:00 ssh-agent
% exit
logout
Connection to localhost closed.
% ps -ef | grep ssh-agen[t]
% tty
/dev/pts/6

The result is that I get a ssh-agent just by chance, depending upon the number of logins and the nesting level.

Here is the pam configuration for ssh.

grep -v ^\# /etc/pam.d/common-auth :

auth [success=1 default=ignore] pam_unix.so nullok_secure
auth requisite pam_deny.so
auth required pam_permit.so
auth optional pam_ssh.so use_first_pass
auth optional pam_cap.so

grep -v ^\# /etc/pam.d/common-session :

session [default=1] pam_permit.so
session requisite pam_deny.so
session required pam_permit.so
session required pam_unix.so
session optional pam_ssh.so
session optional pam_ck_connector.so nox11

egrep -v ^\#\|^\$ /etc/pam.d/sshd :

@include common-auth
account required pam_nologin.so
@include common-account
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session optional pam_keyinit.so force revoke
@include common-session
session optional pam_motd.so motd=/run/motd.dynamic
session optional pam_motd.so noupdate
session optional pam_mail.so standard noenv # [1]
session required pam_limits.so
session required pam_env.so # [1]
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
@include common-password

Regards
Harri