libpam-ssh (2.3+ds-4) unstable; urgency=medium

    There is now three available PAM configuration profiles: ssh-pwd,
    ssh-client, and ssh-server. The former PAM configuration profile
    was renamed from ssh to ssh-pwd and it is now described with a more
    appropriate NAME. Their usage is detailed in README.Debian.

    The prerm script removes the profile associated to the obsoleted PAM
    configuration files silent-ssh-single-sign-on and ssh. The postinst
    script wil add the profile ssh-pwd. Superusers may want to choose
    one or none of them by invoking pam-auth-update(8).

 -- Jerome Benoit <calculus@rezozer.net>  Tue, 28 Dec 2021 14:01:59 +0000

libpam-ssh (2.2+ds-1) unstable; urgency=medium

    Support for SSH1 and RSA1 protocols were dropped upstream.

 -- Jerome Benoit <calculus@rezozer.net>  Sat, 12 Jan 2019 11:44:00 +0000

libpam-ssh (2.01+ds-1) experimental; urgency=medium

    The PAM SSH session management component now passes the SSH keys to
    the SSH agent according to an explicit order as described in the
    refreshed manpage pam_ssh(8); the effective order can be listed with
    ssh-add(1) (options -L and -l).

 -- Jerome Benoit <calculus@rezozer.net>  Sun, 08 Mar 2015 13:23:00 +0000

libpam-ssh (1.98-2) unstable; urgency=low

    The PAM configuration file, meant to be used by pam-add-update(8),
    has been renamed from silent-ssh-single-sign-on to ssh wrt to the
    emerging custom. The prerm script removes the profile associated
    to the obsoleted PAM configuration file silent-ssh-single-sign-on.
    On the other hand, the postinst script will add the same profile
    but under its new name, ssh. The content itself of the involved PAM
    configuration file has not been modified.
    The superuser may want to update the pam-auth-update(8) setup by
    invoking it; depending on its priority on questions, debconf may
    or may not arise during configuration.
    Meanwhile, a bug report has been submitted to the libpam-tmpdir
    team (#711100) to permit a better interaction with this package
    via the pam-add-update(8) machinery.

 -- Jerome Benoit <calculus@rezozer.net>  Sun, 14 Jul 2013 13:35:44 +0000

libpam-ssh (1.92-1) unstable; urgency=low

    The PAM module configuration line must now be directly inserted into
    the relevant PAM configuration files instead of being included.  See
    the README.Debian for configuration examples.

    The 'keyfiles' option is now obsolete, and the concept of "login keys"
    has been introduced: the authentication module will locate and decrypt
    all SSH keys in the directory $HOME/.ssh/login-keys.d and use these
    keys (and only these) for authentication.

    The traditional SSH keys 'identity', 'id_dsa' and 'id_rsa' in
    $HOME/.ssh will also be decrypted and passed to the SSH agent, but
    these keys will not be used for authentication.

    The 'try_first_pass' now works as advertised, namely by asking for an
    SSH passphrase if the password from the previous PAM module fails to
    decrypt any of the user's SSH keys.

    The 'debug' option now works as advertised, and the output goes into
    /var/log/auth.log .

 -- Jens Peter Secher <jps@debian.org>  Sat, 21 Dec 2008 15:41:52 +0100