libpam-ssh (2.2+ds-1) unstable; urgency=medium Support for SSH1 and RSA1 protocols were dropped upstream. -- Jerome Benoit Sat, 12 Jan 2019 11:44:00 +0000 libpam-ssh (2.01+ds-1) experimental; urgency=medium The PAM SSH session management component now passes the SSH keys to the SSH agent according to an explicit order as described in the refreshed manpage pam_ssh(8); the effective order can be listed with ssh-add(1) (options -L and -l). -- Jerome Benoit Sun, 08 Mar 2015 13:23:00 +0000 libpam-ssh (1.98-2) unstable; urgency=low The PAM configuration file, meant to be used by pam-add-update(8), has been renamed from silent-ssh-single-sign-on to ssh wrt to the emerging custom. The prerm script removes the profile associated to the obsoleted PAM configuration file silent-ssh-single-sign-on. On the other hand, the postinst script will add the same profile but under its new name, ssh. The content itself of the involved PAM configuration file has not been modified. The superuser may want to update the pam-auth-update(8) setup by invoking it; depending on its priority on questions, debconf may or may not arise during configuration. Meanwhile, a bug report has been submitted to the libpam-tmpdir team (#711100) to permit a better interaction with this package via the pam-add-update(8) machinery. -- Jerome Benoit Sun, 14 Jul 2013 13:35:44 +0000 libpam-ssh (1.92-1) unstable; urgency=low The PAM module configuration line must now be directly inserted into the relevant PAM configuration files instead of being included. See the README.Debian for configuration examples. The 'keyfiles' option is now obsolete, and the concept of "login keys" has been introduced: the authentication module will locate and decrypt all SSH keys in the directory $HOME/.ssh/login-keys.d and use these keys (and only these) for authentication. The traditional SSH keys 'identity', 'id_dsa' and 'id_rsa' in $HOME/.ssh will also be decrypted and passed to the SSH agent, but these keys will not be used for authentication. The 'try_first_pass' now works as advertised, namely by asking for an SSH passphrase if the password from the previous PAM module fails to decrypt any of the user's SSH keys. The 'debug' option now works as advertised, and the output goes into /var/log/auth.log . -- Jens Peter Secher Sat, 21 Dec 2008 15:41:52 +0100