libpam-ssh (2.3+ds-7) unstable; urgency=medium
Recent versions of OpenSSH have raised Important bugs (#994992,#995452).
Basically sshd and libpam-ssh do not (no more ?) coexist properly. This
partially reduces the usability of this package. Furthermore, this issue
adds on to the fact that libpam-ssh is no longer supported upstream. As
this package deals with security matters, it becomes therefore appropriate
to encourage users to migrate to alternatives. Unfortunately, I am not
aware any alternative with remotely similar functionality. I personnaly
envisage to configure an ad hoc scheme based on the package keychain.
To avoid migrating in hurry, libpam-ssh may stay in Sid for a while.
Meanwhile suggestions on alternatives are welcome.
-- Jerome Benoit <calculus@rezozer.net> Sat, 31 Aug 2024 18:55:31 +0000
libpam-ssh (2.3+ds-4) unstable; urgency=medium
There is now three available PAM configuration profiles: ssh-pwd,
ssh-client, and ssh-server. The former PAM configuration profile
was renamed from ssh to ssh-pwd and it is now described with a more
appropriate NAME. Their usage is detailed in README.Debian.
The prerm script removes the profile associated to the obsoleted PAM
configuration files silent-ssh-single-sign-on and ssh. The postinst
script wil add the profile ssh-pwd. Superusers may want to choose
one or none of them by invoking pam-auth-update(8).
-- Jerome Benoit <calculus@rezozer.net> Tue, 28 Dec 2021 14:01:59 +0000
libpam-ssh (2.2+ds-1) unstable; urgency=medium
Support for SSH1 and RSA1 protocols were dropped upstream.
-- Jerome Benoit <calculus@rezozer.net> Sat, 12 Jan 2019 11:44:00 +0000
libpam-ssh (2.01+ds-1) experimental; urgency=medium
The PAM SSH session management component now passes the SSH keys to
the SSH agent according to an explicit order as described in the
refreshed manpage pam_ssh(8); the effective order can be listed with
ssh-add(1) (options -L and -l).
-- Jerome Benoit <calculus@rezozer.net> Sun, 08 Mar 2015 13:23:00 +0000
libpam-ssh (1.98-2) unstable; urgency=low
The PAM configuration file, meant to be used by pam-add-update(8),
has been renamed from silent-ssh-single-sign-on to ssh wrt to the
emerging custom. The prerm script removes the profile associated
to the obsoleted PAM configuration file silent-ssh-single-sign-on.
On the other hand, the postinst script will add the same profile
but under its new name, ssh. The content itself of the involved PAM
configuration file has not been modified.
The superuser may want to update the pam-auth-update(8) setup by
invoking it; depending on its priority on questions, debconf may
or may not arise during configuration.
Meanwhile, a bug report has been submitted to the libpam-tmpdir
team (#711100) to permit a better interaction with this package
via the pam-add-update(8) machinery.
-- Jerome Benoit <calculus@rezozer.net> Sun, 14 Jul 2013 13:35:44 +0000
libpam-ssh (1.92-1) unstable; urgency=low
The PAM module configuration line must now be directly inserted into
the relevant PAM configuration files instead of being included. See
the README.Debian for configuration examples.
The 'keyfiles' option is now obsolete, and the concept of "login keys"
has been introduced: the authentication module will locate and decrypt
all SSH keys in the directory $HOME/.ssh/login-keys.d and use these
keys (and only these) for authentication.
The traditional SSH keys 'identity', 'id_dsa' and 'id_rsa' in
$HOME/.ssh will also be decrypted and passed to the SSH agent, but
these keys will not be used for authentication.
The 'try_first_pass' now works as advertised, namely by asking for an
SSH passphrase if the password from the previous PAM module fails to
decrypt any of the user's SSH keys.
The 'debug' option now works as advertised, and the output goes into
/var/log/auth.log .
-- Jens Peter Secher <jps@debian.org> Sat, 21 Dec 2008 15:41:52 +0100