FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian Development

 
 
LinkBack Thread Tools
 
Old 08-16-2012, 01:01 AM
Jerome Benoit
 
Default Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys

Package: wnpp
Severity: wishlist
Owner: Jerome Benoit <g6299304p@rezozer.net>

* Package name : libpam-ssh
Version : 1.97
Upstream Author : Akorty Rosenauer
* URL : http://pam-ssh.sourceforge.net/
* License : BSD
Programming Lang: C
Description : Authenticate using SSH keys

This PAM module provides single sign-on behavior for SSH.
The user types an SSH passphrase when logging in and is
authenticated if the passphrase successfully decrypts the
user's SSH private key. In the PAM session phase, an ssh-agent
process is started and keys are added. For the entire session,
the user can SSH to other hosts that accept key authentication
without typing any passwords.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120816010133.21735.66903.reportbug@nen.dnsalias. org">http://lists.debian.org/20120816010133.21735.66903.reportbug@nen.dnsalias. org
 
Old 08-16-2012, 06:40 AM
Neil Williams
 
Default Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys

On Thu, 16 Aug 2012 03:01:33 +0200
Jerome Benoit <g6299304p@rezozer.net> wrote:

> Package: wnpp
> Severity: wishlist
> Owner: Jerome Benoit <g6299304p@rezozer.net>
>
> * Package name : libpam-ssh
> Version : 1.97
> Upstream Author : Akorty Rosenauer
> * URL : http://pam-ssh.sourceforge.net/
> * License : BSD
> Programming Lang: C
> Description : Authenticate using SSH keys
>
> This PAM module provides single sign-on behavior for SSH.
> The user types an SSH passphrase when logging in and is
> authenticated if the passphrase successfully decrypts the
> user's SSH private key. In the PAM session phase, an ssh-agent
> process is started and keys are added. For the entire session,
> the user can SSH to other hosts that accept key authentication
> without typing any passwords.

Is this about using removable media to store the SSH private key to
login to machines which only have the public key? That would be useful
(but isn't that covered by existing PAM support?) Is this some form of
hot-desking support?

If not, why is this better than a user having a different password for
login and for the SSH key? Why tie login to one of my SSH private keys?

The homepage doesn't make this clear, it sounds like the module just
maps the user login via a graphical desktop manager to a particular SSH
key the private key for which has to live on the system behind the login
anyway. What's the point?

--


Neil Williams
=============
http://www.linux.codehelp.co.uk/
 
Old 08-16-2012, 08:39 AM
Jon Dowland
 
Default Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys

It would be nice if your initial upload would resolve the multiple issues
that were the cause for the package removal, rather than simply reintroduce
them.


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/20120816083916.GA8134@debian
 
Old 08-16-2012, 09:29 AM
Thomas Goirand
 
Default Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys

On 08/16/2012 09:01 AM, Jerome Benoit wrote:
> Package: wnpp
> Severity: wishlist
> Owner: Jerome Benoit <g6299304p@rezozer.net>
>
> * Package name : libpam-ssh
> Version : 1.97
> Upstream Author : Akorty Rosenauer
> * URL : http://pam-ssh.sourceforge.net/
> * License : BSD
> Programming Lang: C
> Description : Authenticate using SSH keys
>
> This PAM module provides single sign-on behavior for SSH.
> The user types an SSH passphrase when logging in and is
> authenticated if the passphrase successfully decrypts the
> user's SSH private key. In the PAM session phase, an ssh-agent
> process is started and keys are added. For the entire session,
> the user can SSH to other hosts that accept key authentication
> without typing any passwords.
>
As much as I can see, the package is still in Debian (though removed
from Wheezy).

You shouldn't open an ITP for a package that is already in the archive.
If your intention is to adopt the package, then you should follow the
MIA process, have the package orphaned, then rename the orphaned
bug as ITA (Intention To Adopt) adopt it by uploading new versions.
And for that, there's no need for an ITP.

Thanks for your intention to adopt this package,
Cheers,

Thomas Goirand (zigo)


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 502CBD76.6080701@debian.org">http://lists.debian.org/502CBD76.6080701@debian.org
 
Old 08-16-2012, 02:03 PM
Jerome BENOIT
 
Default Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys

Hello:

On 16/08/12 10:39, Jon Dowland wrote:

It would be nice if your initial upload would resolve the multiple issues
that were the cause for the package removal, rather than simply reintroduce
them.


I am totally agree with you, and I am working on it.
I guess that you understand that I wanted to make a ``reservation' before
to revisit the Package.


Cheers,
Jerome








--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 502CFDC1.8040101@rezozer.net">http://lists.debian.org/502CFDC1.8040101@rezozer.net
 
Old 08-16-2012, 02:14 PM
Jerome BENOIT
 
Default Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys

Hello:

On 16/08/12 11:29, Thomas Goirand wrote:

On 08/16/2012 09:01 AM, Jerome Benoit wrote:

Package: wnpp
Severity: wishlist
Owner: Jerome Benoit<g6299304p@rezozer.net>

* Package name : libpam-ssh
Version : 1.97
Upstream Author : Akorty Rosenauer
* URL : http://pam-ssh.sourceforge.net/
* License : BSD
Programming Lang: C
Description : Authenticate using SSH keys

This PAM module provides single sign-on behavior for SSH.
The user types an SSH passphrase when logging in and is
authenticated if the passphrase successfully decrypts the
user's SSH private key. In the PAM session phase, an ssh-agent
process is started and keys are added. For the entire session,
the user can SSH to other hosts that accept key authentication
without typing any passwords.


As much as I can see, the package is still in Debian (though removed
from Wheezy).

You shouldn't open an ITP for a package that is already in the archive.
If your intention is to adopt the package, then you should follow the
MIA process, have the package orphaned, then rename the orphaned
bug as ITA (Intention To Adopt) adopt it by uploading new versions.
And for that, there's no need for an ITP.


The situation is ambiguous as I posted before in the debian-devel@lists.debian.org list:
the package is not orphaned, was removed but it is still present.
There is a void here, and it is why I asked on the list:
it was suggested to make an ITP since it was removed.

It appears that the Maintainer has retired from Debian.
According to him, his Debian packages are orphaned, and he has no more access to his Debian account.



Thanks for your intention to adopt this package,
Cheers,


Best wishes,
Jerome




Thomas Goirand (zigo)



--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 502D002F.9060109@rezozer.net">http://lists.debian.org/502D002F.9060109@rezozer.net
 
Old 08-16-2012, 02:26 PM
Jerome BENOIT
 
Default Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys

Hello:

On 16/08/12 08:40, Neil Williams wrote:

On Thu, 16 Aug 2012 03:01:33 +0200
Jerome Benoit<g6299304p@rezozer.net> wrote:


Package: wnpp
Severity: wishlist
Owner: Jerome Benoit<g6299304p@rezozer.net>

* Package name : libpam-ssh
Version : 1.97
Upstream Author : Akorty Rosenauer
* URL : http://pam-ssh.sourceforge.net/
* License : BSD
Programming Lang: C
Description : Authenticate using SSH keys

This PAM module provides single sign-on behavior for SSH.
The user types an SSH passphrase when logging in and is
authenticated if the passphrase successfully decrypts the
user's SSH private key. In the PAM session phase, an ssh-agent
process is started and keys are added. For the entire session,
the user can SSH to other hosts that accept key authentication
without typing any passwords.


Is this about using removable media to store the SSH private key to
login to machines which only have the public key?


NO !

That would be useful

(but isn't that covered by existing PAM support?) Is this some form of
hot-desking support?

If not, why is this better than a user having a different password for
login and for the SSH key? Why tie login to one of my SSH private keys?


Let say that I used it to launch ssh-agent when I login (from console or desktop).



The homepage doesn't make this clear, it sounds like the module just
maps the user login via a graphical desktop manager to a particular SSH
key the private key for which has to live on the system behind the login
anyway. What's the point?


I am agree that the descriptions on the homepage and within the Debian package are confusing:
I will try to improve this part as well.


Thanks,
Jerome









--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 502D02FA.8020307@rezozer.net">http://lists.debian.org/502D02FA.8020307@rezozer.net
 
Old 08-16-2012, 03:31 PM
Antti-Juhani Kaijanaho
 
Default Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys

On Thu, Aug 16, 2012 at 04:14:07PM +0200, Jerome BENOIT wrote:
> The situation is ambiguous as I posted before in the debian-devel@lists.debian.org list:
> the package is not orphaned, was removed but it is still present.

There is no ambiguity. The package is present in unstable and thus is not
"removed" in the sense that word is commonly used without qualifiers. (The
proper way to describe what happened to the package is "removed from testing" -
a release engineering action that doesn't imply any change in a package's
maintainership.)

> There is a void here, and it is why I asked on the list: it was suggested to
> make an ITP since it was removed.

An ITP is inappropriate so long as the package is present in unstable or
experimental.

> It appears that the Maintainer has retired from Debian.

In that case, the package likely is available for salvaging (that is, for
taking over maintainership without going throug a period of formal ITA or O
period).

--
Antti-Juhani Kaijanaho, Jyväskylä, Finland
http://antti-juhani.kaijanaho.fi/newblog/
http://www.flickr.com/photos/antti-juhani/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120816153138.GB2585@kukkavihko.kaijanaho.fi">htt p://lists.debian.org/20120816153138.GB2585@kukkavihko.kaijanaho.fi


Thu Aug 16 18:30:01 2012
Return-Path: <bounce-debian-user=tom=linux-archive.org@lists.debian.org>
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
eagle542.startdedicated.com
X-Spam-Level:
X-Spam-Status: No, score=-4.9 required=5.0 tests=DKIM_SIGNED,FSL_RCVD_USER,
RCVD_IN_DNSWL_HI,T_DKIM_INVALID,T_RP_MATCHES_RCVD autolearn=ham version=3.3.2
X-Original-To: tom@linux-archive.org
Delivered-To: tom-linux-archive.org@eagle542.startdedicated.com
Received: from bendel.debian.org (bendel.debian.org [82.195.75.100])
by eagle542.startdedicated.com (Postfix) with ESMTP id EBD4220E05FB
for <tom@linux-archive.org>; Thu, 16 Aug 2012 17:32:36 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with QMQP
id E9F4F205; Thu, 16 Aug 2012 15:32:13 +0000 (UTC)
Old-Return-Path: <debian-user@list-post.mks-mail.de>
X-Original-To: lists-debian-user@bendel.debian.org
Delivered-To: lists-debian-user@bendel.debian.org
Received: from localhost (localhost [127.0.0.1])
by bendel.debian.org (Postfix) with ESMTP id D78CCB1
for <lists-debian-user@bendel.debian.org>; Thu, 16 Aug 2012 15:32:00 +0000 (UTC)
X-Virus-Scanned: at lists.debian.org with policy bank en-ht
X-Amavis-Spam-Status: No, score=-7 tagged_above=-10000 required=5.3
tests=[BAYES_00=-2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, FOURLA=0.1, LDO_WHITELIST=-5] autolearn=ham
Received: from bendel.debian.org ([127.0.0.1])
by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525)
with ESMTP id EY7JtmN2bxmJ for <lists-debian-user@bendel.debian.org>;
Thu, 16 Aug 2012 15:31:52 +0000 (UTC)
X-policyd-weight: DYN_NJABL=SKIP(0) NOT_IN_SBL_XBL_SPAMHAUS=-1.5 NOT_IN_BL_NJABL=-1.5 CL_IP_EQ_FROM_MX=-3.1; rate: -6.1
Received: from mail.ddt-consult.de (mail.ddt-consult.de [176.9.143.18])
(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
(Client did not present a certificate)
by bendel.debian.org (Postfix) with ESMTPS id A62B4205
for <debian-user@lists.debian.org>; Thu, 16 Aug 2012 15:31:51 +0000 (UTC)
Received: from ddt-filter.ddt-consult.intern (ddt-filter.ddt-consult.intern [192.168.1.116])
by mail.ddt-consult.de (Postfix) with ESMTP id 6CC722CA9BC
for <debian-user@lists.debian.org>; Thu, 16 Aug 2012 17:31:49 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=
list-post.mks-mail.de; h=content-transfer-encoding:content-type
:content-type:in-reply-to:references:subject:subject
:mime-version:user-agent:reply-to:from:from:date:date:message-id
:received:received; s=lpm; t=1345131108; bh=+rAImAqtu9wkK981j3wq
p4GzE1Ta/J6ovw69ux2LPgk=; b=putv+z2RmzK+AK/kl8sCJmlMOKZg+2L9XQVL
I9JCbbE2nvDRtjn42UsOCHcW79I2rD14ugeJhd9/sgnzRRnPAt79khmwwywle/j1
TMk/5LKIphfgu43rJQRQhFBZ36cJsJ7T9rq3J8Nf+gMuf/UxZw1/f9M1Ftqjq32X
yALDSvc=
X-Virus-Scanned: Debian amavisd-new at ns1
Received: from mail.ddt-consult.de ([192.168.1.101])
by ddt-filter.ddt-consult.intern (ddt-filter.ddt-consult.intern [192.168.1.116]) (amavisd-new, port 20024)
with LMTP id q35on_tx2QHH for <debian-user@lists.debian.org>;
Thu, 16 Aug 2012 17:31:48 +0200 (CEST)
Received: from legolas.home.ddt.intern (p5DC375EE.dip.t-dialin.net [93.195.117.238])
(Authenticated sender: mks@list-post.mks-mail.de)
by mail.ddt-consult.de (Postfix) with ESMTPSA id 92D802CA9B9
for <debian-user@lists.debian.org>; Thu, 16 Aug 2012 17:31:48 +0200 (CEST)
Message-ID: <502D1263.7060105@list-post.mks-mail.de>
Date: Thu, 16 Aug 2012 17:31:47 +0200
From: =?ISO-8859-1?Q?Markus_Sch=F6nhaber?=
<debian-user@list-post.mks-mail.de>
Reply-To: debian-user@lists.debian.org
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20120717 Thunderbird/14.0
MIME-Version: 1.0
To: debian-user@lists.debian.org
Subject: Re: [1/2OT] ssh & wireless related
References: <502D0B00.7020409@gmail.com>
In-Reply-To: <502D0B00.7020409@gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Rc-Virus: 2007-09-13_01
X-Rc-Spam: 2008-11-04_01
Resent-Message-ID: <i1crMAEI6DF.A.HwD.9JRLQB@bendel>
Resent-From: debian-user@lists.debian.org
X-Mailing-List: <debian-user@lists.debian.org> archive/latest/637669
X-Loop: debian-user@lists.debian.org
List-Id: <debian-user.lists.debian.org>
List-Post: <mailto:debian-user@lists.debian.org>
List-Help: <mailto:debian-user-request@lists.debian.org?subject=help>
List-Subscribe: <mailto:debian-user-request@lists.debian.org?subject=subscribe>
List-Unsubscribe: <mailto:debian-user-request@lists.debian.org?subject=unsubscribe>
Precedence: list
Resent-Sender: debian-user-request@lists.debian.org
Resent-Date: Thu, 16 Aug 2012 15:32:13 +0000 (UTC)

16.08.2012 17:00, lina:

> Strangely once I restarted the network-manager, the connection restore
> as normal, I mean the ssh connection is still there.
> Is it strange? I thought it's broken, the connection.

There's nothing strange with that.
A TCP connection is essentially identified by the quadruple (src port,
src IP, dest port, dest IP). As long as none of the elements of this
quadruple change, the connection may stay "intact" (even if some machine
on the route from src to dest is rebooted, for example).
Nevertheless, if data is to be transmitted while the other end of the
connection is not reachable for some reason, either end may tear down
the connection.

--
Regards
mks



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/502D1263.7060105@list-post.mks-mail.de
 
Old 08-16-2012, 03:41 PM
Alexander Wirt
 
Default Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys

On Thu, 16 Aug 2012, Antti-Juhani Kaijanaho wrote:

> On Thu, Aug 16, 2012 at 04:14:07PM +0200, Jerome BENOIT wrote:
> > The situation is ambiguous as I posted before in the debian-devel@lists.debian.org list:
> > the package is not orphaned, was removed but it is still present.
>
> There is no ambiguity. The package is present in unstable and thus is not
> "removed" in the sense that word is commonly used without qualifiers. (The
> proper way to describe what happened to the package is "removed from testing" -
> a release engineering action that doesn't imply any change in a package's
> maintainership.)
What let you think this?
rmadison libpam-ssh
libpam-ssh | 1.92-14 | squeeze | source, amd64, armel, i386, ia64,
kfreebsd-amd64, kfreebsd-i386, mips, mipsel, powerpc, s390, sparc
W: Archive maintenance is in progress; database inconsistencies are
possible.


[Date: Fri, 02 Dec 2011 16:51:17 +0000] [ftpmaster: Alexander
Reichle-Schmehl]
Removed the following packages from unstable:

libpam-ssh | 1.92-14 | source
libpam-ssh | 1.92-14+b1 | amd64, armel, i386, ia64, kfreebsd-amd64,
kfreebsd-i386, mips, mipsel, powerpc, s390, sparc
Closed bugs: 650644


Alex



--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120816154108.GC5733@snow-crash.org">http://lists.debian.org/20120816154108.GC5733@snow-crash.org
 
Old 08-16-2012, 03:42 PM
Antti-Juhani Kaijanaho
 
Default Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys

On Thu, Aug 16, 2012 at 05:39:50PM +0200, Jerome BENOIT wrote:
> According to its PTS ( http://packages.qa.debian.org/libp/libpam-ssh.html ):
> [2011-12-03] libpam-ssh REMOVED from testing (Britney)
> [2011-12-02] Removed 1.92-14 from unstable (Alexander Reichle-Schmehl)
>
> So I guess it must be considered as removed.

Yes, you are right. Sorry for my careless reading of that page.

In any case, no ambiguity, it seems. I don't think a package's presence in
stable or oldstable alone is a problem.

--
Antti-Juhani Kaijanaho, Jyväskylä, Finland
http://antti-juhani.kaijanaho.fi/newblog/
http://www.flickr.com/photos/antti-juhani/


--
To UNSUBSCRIBE, email to debian-devel-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 20120816154232.GD2585@kukkavihko.kaijanaho.fi">htt p://lists.debian.org/20120816154232.GD2585@kukkavihko.kaijanaho.fi
 

Thread Tools




All times are GMT. The time now is 06:42 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org