[Bug 1244736] Re: upstart configuration for user launches an extra ssh-agent

Sun Mar 30 05:57:53 UTC 2014

This bug was fixed in the package openssh - 1:6.6p1-1

---------------
openssh (1:6.6p1-1) unstable; urgency=medium

  [ Colin Watson ]
  * Apply various warning-suppression and regression-test fixes to
    gssapi.patch from Damien Miller.
  * New upstream release (http://www.openssh.com/txt/release-6.6,
    LP: #1298280):
    - CVE-2014-2532: sshd(8): when using environment passing with an
      sshd_config(5) AcceptEnv pattern with a wildcard, OpenSSH prior to 6.6
      could be tricked into accepting any environment variable that contains
      the characters before the wildcard character.
  * Re-enable btmp logging, as its permissions were fixed a long time ago in
    response to #370050 (closes: #341883).
  * Change to "PermitRootLogin without-password" for new installations, and
    ask a debconf question when upgrading systems with "PermitRootLogin yes"
    from previous versions (closes: #298138).
  * Debconf translations:
    - Danish (thanks, Joe Hansen).
    - Portuguese (thanks, Américo Monteiro).
    - Russian (thanks, Yuri Kozlov; closes: #742308).
    - Swedish (thanks, Andreas Rönnquist).
    - Japanese (thanks, victory).
    - German (thanks, Stephan Beck; closes: #742541).
    - Italian (thanks, Beatrice Torracca).
  * Don't start ssh-agent from the Upstart user session job if something
    like Xsession has already done so (based on work by Bruno Vasselle;
    LP: #1244736).

  [ Matthew Vernon ]
  * CVE-2014-2653: Fix failure to check SSHFP records if server presents a
    certificate (bug reported by me, patch by upstream's Damien Miller;
    thanks also to Mark Wooding for his help in fixing this) (Closes:
    #742513)

 -- Colin Watson <cjwatson at debian.org>  Fri, 28 Mar 2014 18:04:41 +0000

** Changed in: openssh (Ubuntu)
       Status: Confirmed => Fix Released

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2532

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2014-2653

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1244736

Title:
  upstart configuration for user launches an extra ssh-agent

Status in “gnome-session” package in Ubuntu:
  Confirmed
Status in “openssh” package in Ubuntu:
  Fix Released

Bug description:
  Symptom: the ssh-agent does not have my key anymore after upgrade to
  13.10

  I use kdm and pam-ssh to deal with my keys.

  It appears that pam-ssh does its job, and my key it actually there...
  in another agent: I can see 2 ssh-agent processes, and changing the
  SSH_AUTH_SOCK and SSH_AGENT_PID environment variables so that they
  refer to the other one reveals my key...

  The script /usr/share/upstart/sessions/ssh-agent.conf launches ssh-
  agent, regardless of whether it is already there or not.

  Adding the line:
      [ "$SSH_AGENT_PID" ] && { stop; exit 0; } # already running

  before line:
      eval "$(ssh-agent)" >/dev/null

  in the script does restore the behavior before upgrade.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnome-session/+bug/1244736/+subscriptions