Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian Development (http://www.linux-archive.org/debian-development/)
-   -   Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys (http://www.linux-archive.org/debian-development/694463-bug-685042-itp-libpam-ssh-authenticate-using-ssh-keys.html)

Jerome Benoit 08-16-2012 01:01 AM

Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys
 
Package: wnpp
Severity: wishlist
Owner: Jerome Benoit <g6299304p@rezozer.net>

* Package name : libpam-ssh
Version : 1.97
Upstream Author : Akorty Rosenauer
* URL : http://pam-ssh.sourceforge.net/
* License : BSD
Programming Lang: C
Description : Authenticate using SSH keys

This PAM module provides single sign-on behavior for SSH.
The user types an SSH passphrase when logging in and is
authenticated if the passphrase successfully decrypts the
user's SSH private key. In the PAM session phase, an ssh-agent
process is started and keys are added. For the entire session,
the user can SSH to other hosts that accept key authentication
without typing any passwords.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120816010133.21735.66903.reportbug@nen.dnsalias. org">http://lists.debian.org/20120816010133.21735.66903.reportbug@nen.dnsalias. org

Neil Williams 08-16-2012 06:40 AM

Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys
 
On Thu, 16 Aug 2012 03:01:33 +0200
Jerome Benoit <g6299304p@rezozer.net> wrote:

> Package: wnpp
> Severity: wishlist
> Owner: Jerome Benoit <g6299304p@rezozer.net>
>
> * Package name : libpam-ssh
> Version : 1.97
> Upstream Author : Akorty Rosenauer
> * URL : http://pam-ssh.sourceforge.net/
> * License : BSD
> Programming Lang: C
> Description : Authenticate using SSH keys
>
> This PAM module provides single sign-on behavior for SSH.
> The user types an SSH passphrase when logging in and is
> authenticated if the passphrase successfully decrypts the
> user's SSH private key. In the PAM session phase, an ssh-agent
> process is started and keys are added. For the entire session,
> the user can SSH to other hosts that accept key authentication
> without typing any passwords.

Is this about using removable media to store the SSH private key to
login to machines which only have the public key? That would be useful
(but isn't that covered by existing PAM support?) Is this some form of
hot-desking support?

If not, why is this better than a user having a different password for
login and for the SSH key? Why tie login to one of my SSH private keys?

The homepage doesn't make this clear, it sounds like the module just
maps the user login via a graphical desktop manager to a particular SSH
key the private key for which has to live on the system behind the login
anyway. What's the point?

--


Neil Williams
=============
http://www.linux.codehelp.co.uk/

Jon Dowland 08-16-2012 08:39 AM

Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys
 
It would be nice if your initial upload would resolve the multiple issues
that were the cause for the package removal, rather than simply reintroduce
them.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20120816083916.GA8134@debian

Thomas Goirand 08-16-2012 09:29 AM

Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys
 
On 08/16/2012 09:01 AM, Jerome Benoit wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Jerome Benoit <g6299304p@rezozer.net>
>
> * Package name : libpam-ssh
> Version : 1.97
> Upstream Author : Akorty Rosenauer
> * URL : http://pam-ssh.sourceforge.net/
> * License : BSD
> Programming Lang: C
> Description : Authenticate using SSH keys
>
> This PAM module provides single sign-on behavior for SSH.
> The user types an SSH passphrase when logging in and is
> authenticated if the passphrase successfully decrypts the
> user's SSH private key. In the PAM session phase, an ssh-agent
> process is started and keys are added. For the entire session,
> the user can SSH to other hosts that accept key authentication
> without typing any passwords.
>
As much as I can see, the package is still in Debian (though removed
from Wheezy).

You shouldn't open an ITP for a package that is already in the archive.
If your intention is to adopt the package, then you should follow the
MIA process, have the package orphaned, then rename the orphaned
bug as ITA (Intention To Adopt) adopt it by uploading new versions.
And for that, there's no need for an ITP.

Thanks for your intention to adopt this package,
Cheers,

Thomas Goirand (zigo)


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 502CBD76.6080701@debian.org">http://lists.debian.org/502CBD76.6080701@debian.org

Jerome BENOIT 08-16-2012 02:03 PM

Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys
 
Hello:

On 16/08/12 10:39, Jon Dowland wrote:

It would be nice if your initial upload would resolve the multiple issues
that were the cause for the package removal, rather than simply reintroduce
them.


I am totally agree with you, and I am working on it.
I guess that you understand that I wanted to make a ``reservation' before
to revisit the Package.


Cheers,
Jerome








--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 502CFDC1.8040101@rezozer.net">http://lists.debian.org/502CFDC1.8040101@rezozer.net

Jerome BENOIT 08-16-2012 02:14 PM

Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys
 
Hello:

On 16/08/12 11:29, Thomas Goirand wrote:

On 08/16/2012 09:01 AM, Jerome Benoit wrote:

Package: wnpp
Severity: wishlist
Owner: Jerome Benoit<g6299304p@rezozer.net>

* Package name : libpam-ssh
Version : 1.97
Upstream Author : Akorty Rosenauer
* URL : http://pam-ssh.sourceforge.net/
* License : BSD
Programming Lang: C
Description : Authenticate using SSH keys

This PAM module provides single sign-on behavior for SSH.
The user types an SSH passphrase when logging in and is
authenticated if the passphrase successfully decrypts the
user's SSH private key. In the PAM session phase, an ssh-agent
process is started and keys are added. For the entire session,
the user can SSH to other hosts that accept key authentication
without typing any passwords.


As much as I can see, the package is still in Debian (though removed
from Wheezy).

You shouldn't open an ITP for a package that is already in the archive.
If your intention is to adopt the package, then you should follow the
MIA process, have the package orphaned, then rename the orphaned
bug as ITA (Intention To Adopt) adopt it by uploading new versions.
And for that, there's no need for an ITP.


The situation is ambiguous as I posted before in the debian-devel@lists.debian.org list:
the package is not orphaned, was removed but it is still present.
There is a void here, and it is why I asked on the list:
it was suggested to make an ITP since it was removed.

It appears that the Maintainer has retired from Debian.
According to him, his Debian packages are orphaned, and he has no more access to his Debian account.



Thanks for your intention to adopt this package,
Cheers,


Best wishes,
Jerome




Thomas Goirand (zigo)



--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 502D002F.9060109@rezozer.net">http://lists.debian.org/502D002F.9060109@rezozer.net

Jerome BENOIT 08-16-2012 02:26 PM

Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys
 
Hello:

On 16/08/12 08:40, Neil Williams wrote:

On Thu, 16 Aug 2012 03:01:33 +0200
Jerome Benoit<g6299304p@rezozer.net> wrote:


Package: wnpp
Severity: wishlist
Owner: Jerome Benoit<g6299304p@rezozer.net>

* Package name : libpam-ssh
Version : 1.97
Upstream Author : Akorty Rosenauer
* URL : http://pam-ssh.sourceforge.net/
* License : BSD
Programming Lang: C
Description : Authenticate using SSH keys

This PAM module provides single sign-on behavior for SSH.
The user types an SSH passphrase when logging in and is
authenticated if the passphrase successfully decrypts the
user's SSH private key. In the PAM session phase, an ssh-agent
process is started and keys are added. For the entire session,
the user can SSH to other hosts that accept key authentication
without typing any passwords.


Is this about using removable media to store the SSH private key to
login to machines which only have the public key?


NO !

That would be useful

(but isn't that covered by existing PAM support?) Is this some form of
hot-desking support?

If not, why is this better than a user having a different password for
login and for the SSH key? Why tie login to one of my SSH private keys?


Let say that I used it to launch ssh-agent when I login (from console or desktop).



The homepage doesn't make this clear, it sounds like the module just
maps the user login via a graphical desktop manager to a particular SSH
key the private key for which has to live on the system behind the login
anyway. What's the point?


I am agree that the descriptions on the homepage and within the Debian package are confusing:
I will try to improve this part as well.


Thanks,
Jerome









--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 502D02FA.8020307@rezozer.net">http://lists.debian.org/502D02FA.8020307@rezozer.net

Antti-Juhani Kaijanaho 08-16-2012 03:31 PM

Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys
 
On Thu, Aug 16, 2012 at 04:14:07PM +0200, Jerome BENOIT wrote:
> The situation is ambiguous as I posted before in the debian-devel@lists.debian.org list:
> the package is not orphaned, was removed but it is still present.

There is no ambiguity. The package is present in unstable and thus is not
"removed" in the sense that word is commonly used without qualifiers. (The
proper way to describe what happened to the package is "removed from testing" -
a release engineering action that doesn't imply any change in a package's
maintainership.)

> There is a void here, and it is why I asked on the list: it was suggested to
> make an ITP since it was removed.

An ITP is inappropriate so long as the package is present in unstable or
experimental.

> It appears that the Maintainer has retired from Debian.

In that case, the package likely is available for salvaging (that is, for
taking over maintainership without going throug a period of formal ITA or O
period).

--
Antti-Juhani Kaijanaho, Jyväskylä, Finland
http://antti-juhani.kaijanaho.fi/newblog/
http://www.flickr.com/photos/antti-juhani/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120816153138.GB2585@kukkavihko.kaijanaho.fi">htt p://lists.debian.org/20120816153138.GB2585@kukkavihko.kaijanaho.fi


Thu Aug 16 18:30:01 2012
Return-Path: <bounce-debian-user=tom=linux-archive.org@lists.debian.org>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
eagle542.startdedicated.com
X-Spam-Level:
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIM_SIGNED,FSL_RCVD_USER,
RCVD_IN_DNSWL_HI,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-Original-To: tom@linux-archive.org
Delivered-To: tom-linux-archive.org@eagle542.startdedicated.com
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by eagle542.startdedicated.com (Postfix) with ESMTP id EBD4220E05FB
for <tom@linux-archive.org>; Thu, 16 Aug 2012 17:32:36 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with QMQP
id E9F4F205; Thu, 16 Aug 2012 15:32:13 +0000 (UTC)
Old-Return-Path: <debian-user@list-post.mks-mail.de>
X-Original-To: lists-debian-user@bendel.debian.org
Delivered-To: lists-debian-user@bendel.debian.org
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with ESMTP id D78CCB1
for <lists-debian-user@bendel.debian.org>; Thu, 16 Aug 2012 15:32:00 +0000 (UTC)
X-Virus-Scanned: at lists.debian.org with policy bank en-ht
X-Amavis-Spam-Status: No, score=-7 tagged_above=-10000 required=5.3
tests=[BAYES_00=-2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FOURLA=0.1, LDO_WHITELIST=-5] autolearn=ham
Received: from bendel.debian.org ([127.0.0.1])
by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525)
with ESMTP id EY7JtmN2bxmJ for <lists-debian-user@bendel.debian.org>;
Thu, 16 Aug 2012 15:31:52 +0000 (UTC)
X-policyd-weight: DYN_NJABL=SKIP(0) NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_FROM_MX=-3.1; rate: -6.1
Received: from mail.ddt-consult.de (mail.ddt-consult.de [176.9.143.18])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client did not present a certificate)
by bendel.debian.org (Postfix) with ESMTPS id A62B4205
for <debian-user@lists.debian.org>; Thu, 16 Aug 2012 15:31:51 +0000 (UTC)
Received: from ddt-filter.ddt-consult.intern (ddt-filter.ddt-consult.intern [192.168.1.116])
by mail.ddt-consult.de (Postfix) with ESMTP id 6CC722CA9BC
for <debian-user@lists.debian.org>; Thu, 16 Aug 2012 17:31:49 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
list-post.mks-mail.de; h=content-transfer-encoding:content-type
:content-type:in-reply-to:references:subject:subject
:mime-version:user-agent:reply-to:from:from:date:date:message-id
:received:received; s=lpm; t=1345131108; bh=+rAImAqtu9wkK981j3wq
p4GzE1Ta/J6ovw69ux2LPgk=; b=putv+z2RmzK+AK/kl8sCJmlMOKZg+2L9XQVL
I9JCbbE2nvDRtjn42UsOCHcW79I2rD14ugeJhd9/sgnzRRnPAt79khmwwywle/j1
TMk/5LKIphfgu43rJQRQhFBZ36cJsJ7T9rq3J8Nf+gMuf/UxZw1/f9M1Ftqjq32X
yALDSvc=
X-Virus-Scanned: Debian amavisd-new at ns1
Received: from mail.ddt-consult.de ([192.168.1.101])
by ddt-filter.ddt-consult.intern (ddt-filter.ddt-consult.intern [192.168.1.116]) (amavisd-new, port 20024)
with LMTP id q35on_tx2QHH for <debian-user@lists.debian.org>;
Thu, 16 Aug 2012 17:31:48 +0200 (CEST)
Received: from legolas.home.ddt.intern (p5DC375EE.dip.t-dialin.net [93.195.117.238])
(Authenticated sender: mks@list-post.mks-mail.de)
by mail.ddt-consult.de (Postfix) with ESMTPSA id 92D802CA9B9
for <debian-user@lists.debian.org>; Thu, 16 Aug 2012 17:31:48 +0200 (CEST)
Message-ID: <502D1263.7060105@list-post.mks-mail.de>
Date: Thu, 16 Aug 2012 17:31:47 +0200
From: =?ISO-8859-1?Q?Markus_Sch=F6nhaber?=
<debian-user@list-post.mks-mail.de>
Reply-To: debian-user@lists.debian.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0
MIME-Version: 1.0
To: debian-user@lists.debian.org
Subject: Re: [1/2OT] ssh & wireless related
References: <502D0B00.7020409@gmail.com>
In-Reply-To: <502D0B00.7020409@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Rc-Virus: 2007-09-13_01
X-Rc-Spam: 2008-11-04_01
Resent-Message-ID: <i1crMAEI6DF.A.HwD.9JRLQB@bendel>
Resent-From: debian-user@lists.debian.org
X-Mailing-List: <debian-user@lists.debian.org> archive/latest/637669
X-Loop: debian-user@lists.debian.org
List-Id: <debian-user.lists.debian.org>
List-Post: <mailto:debian-user@lists.debian.org>
List-Help: <mailto:debian-user-request@lists.debian.org?subject=help>
List-Subscribe: <mailto:debian-user-request@lists.debian.org?subject=subscribe>
List-Unsubscribe: <mailto:debian-user-request@lists.debian.org?subject=unsubscribe>
Precedence: list
Resent-Sender: debian-user-request@lists.debian.org
Resent-Date: Thu, 16 Aug 2012 15:32:13 +0000 (UTC)

16.08.2012 17:00, lina:

> Strangely once I restarted the network-manager, the connection restore
> as normal, I mean the ssh connection is still there.
> Is it strange? I thought it's broken, the connection.

There's nothing strange with that.
A TCP connection is essentially identified by the quadruple (src port,
src IP, dest port, dest IP). As long as none of the elements of this
quadruple change, the connection may stay "intact" (even if some machine
on the route from src to dest is rebooted, for example).
Nevertheless, if data is to be transmitted while the other end of the
connection is not reachable for some reason, either end may tear down
the connection.

--
Regards
mks



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/502D1263.7060105@list-post.mks-mail.de

Alexander Wirt 08-16-2012 03:41 PM

Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys
 
On Thu, 16 Aug 2012, Antti-Juhani Kaijanaho wrote:

> On Thu, Aug 16, 2012 at 04:14:07PM +0200, Jerome BENOIT wrote:
> > The situation is ambiguous as I posted before in the debian-devel@lists.debian.org list:
> > the package is not orphaned, was removed but it is still present.
>
> There is no ambiguity. The package is present in unstable and thus is not
> "removed" in the sense that word is commonly used without qualifiers. (The
> proper way to describe what happened to the package is "removed from testing" -
> a release engineering action that doesn't imply any change in a package's
> maintainership.)
What let you think this?
rmadison libpam-ssh
libpam-ssh | 1.92-14 | squeeze | source, amd64, armel, i386, ia64,
kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, sparc
W: Archive maintenance is in progress; database inconsistencies are
possible.


[Date: Fri, 02 Dec 2011 16:51:17 +0000] [ftpmaster: Alexander
Reichle-Schmehl]
Removed the following packages from unstable:

libpam-ssh | 1.92-14 | source
libpam-ssh | 1.92-14+b1 | amd64, armel, i386, ia64, kfreebsd-amd64,
kfreebsd-i386, mips, mipsel, powerpc, s390, sparc
Closed bugs: 650644


Alex



--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120816154108.GC5733@snow-crash.org">http://lists.debian.org/20120816154108.GC5733@snow-crash.org

Antti-Juhani Kaijanaho 08-16-2012 03:42 PM

Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys
 
On Thu, Aug 16, 2012 at 05:39:50PM +0200, Jerome BENOIT wrote:
> According to its PTS ( http://packages.qa.debian.org/libp/libpam-ssh.html ):
> [2011-12-03] libpam-ssh REMOVED from testing (Britney)
> [2011-12-02] Removed 1.92-14 from unstable (Alexander Reichle-Schmehl)
>
> So I guess it must be considered as removed.

Yes, you are right. Sorry for my careless reading of that page.

In any case, no ambiguity, it seems. I don't think a package's presence in
stable or oldstable alone is a problem.

--
Antti-Juhani Kaijanaho, Jyväskylä, Finland
http://antti-juhani.kaijanaho.fi/newblog/
http://www.flickr.com/photos/antti-juhani/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120816154232.GD2585@kukkavihko.kaijanaho.fi">htt p://lists.debian.org/20120816154232.GD2585@kukkavihko.kaijanaho.fi


All times are GMT. The time now is 01:23 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.