| Summary: | [PATCH] let pam_ssh.so explicitly start ssh-agent with bourne | | |
|---|---|---|---|
| Product: | Base System | Reporter: | ruben |
| Component: | bin | Assignee: | Dag-Erling Smørgrav <des> |
| Status: | Closed FIXED | | |
| Severity: | Affects Only Me | CC: | green |
| Priority: | Normal | | |
| Version: | 4.3-STABLE | | |
| Hardware: | Any | | |
| OS: | Any | | |

Hi, is this still the case after the major PAM rewriting? Thanks Marc

Responsible Changed From-To: freebsd-bugs->des
Assign to SSH maintainer

State Changed From-To: open->closed
OBE

The pam_ssh module has the possibility to start ssh-agent for you, making a single logon possible by directly feeding your passphrase into the agent (obtained during the authentication phase).

However, ssh-agent has the habit on my system to present its output in C shell format, whereas pam_ssh expects it to be in Bourne shell format (pam_ssh.c, lines 397-409). This does not affect the auth capability, only the session phase.

Fix: Instead of tinkering with the parsing, or changing user shells and/or the way xdm is started, let pam_ssh.so explicitly start ssh-agent to output Bourne shell syntax. Here's a patch.

How-To-Repeat: Use pam_ssh.so as a session and auth module for xdm in /etc/pam.conf and observe the contents of the ~/.ssh/agent-* file after logon. The following syslog messages also apply:

Jun 9 13:19:47 helium -:0 : pam_ssh: could not connect to agent

Jun 9 14:45:11 helium -:0 : pam_ssh: /usr/bin/ssh-agent -k exited with status 1
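
The format mismatch described in this report, as an added C example (not code from pam_ssh.c or from the PR's patch): a parser for one line of ssh-agent output in both the Bourne (`ssh-agent -s`) and C shell (`ssh-agent -c`) styles, showing that a Bourne-only parser recovers nothing from csh-style output. The function names, the constructed sample lines and the restriction to `SSH_AUTH_SOCK` and `SSH_AGENT_PID` are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
enum agent_fmt { FMT_NONE, FMT_BOURNE, FMT_CSH };

/* Constructed samples of both output styles (socket path and pid are made up). */
static const char *SAMPLE_SH[] = {
    "SSH_AUTH_SOCK=/tmp/ssh-X/agent.123; export SSH_AUTH_SOCK;",
    "SSH_AGENT_PID=124; export SSH_AGENT_PID;", "echo Agent pid 124;" };
static const char *SAMPLE_CSH[] = { "setenv SSH_AUTH_SOCK /tmp/ssh-X/agent.123;",
    "setenv SSH_AGENT_PID 124;", "echo Agent pid 124;" };

/* Parse one output line into name/value; only the two agent variables pass. */
enum agent_fmt parse_agent_line(const char *line, char *name, size_t nlen,
                                char *value, size_t vlen)
{
    enum agent_fmt fmt = FMT_BOURNE;
    char delim = '=';                       /* Bourne: NAME=value; export NAME; */
    const char *end = strchr(line, ';'), *sep;
    if (strncmp(line, "setenv ", 7) == 0) { /* csh: setenv NAME value; */
        fmt = FMT_CSH; delim = ' '; line += 7;
    }
    if (end == NULL || (sep = memchr(line, delim, (size_t)(end - line))) == NULL ||
        sep == line || (size_t)(sep - line) >= nlen ||     /* empty/oversized name */
        end == sep + 1 || (size_t)(end - sep - 1) >= vlen) /* empty/oversized value */
        return FMT_NONE;
    snprintf(name, nlen, "%.*s", (int)(sep - line), line);
    snprintf(value, vlen, "%.*s", (int)(end - sep - 1), sep + 1);
    return (strcmp(name, "SSH_AUTH_SOCK") && strcmp(name, "SSH_AGENT_PID"))
        ? FMT_NONE : fmt;
}

/* Count variables recovered from n lines; csh lines count only if accept_csh. */
int count_agent_vars(const char *lines[], int n, int accept_csh)
{
    char nm[32], val[256];
    int i, found = 0;
    for (i = 0; i < n; i++) {
        enum agent_fmt f = parse_agent_line(lines[i], nm, sizeof nm, val, sizeof val);
        found += (f == FMT_BOURNE) || (f == FMT_CSH && accept_csh);
    }
    return found;
}

int main(void)
{
    printf("Bourne-only parser: sh output %d vars, csh output %d vars\n",
           count_agent_vars(SAMPLE_SH, 3, 0), count_agent_vars(SAMPLE_CSH, 3, 0));
    return 0;
}
```

With no socket or pid recovered from csh-style output, a session module has nothing to connect to or to stop later, which is consistent with the two syslog messages quoted in the report.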