Your message dated Thu, 16 May 2024 11:04:01 +0000 with message-id <E1s7Yu1-001DzI-Bv@fasolo.debian.org> and subject line Bug#1070725: fixed in openssh 1:9.7p1-5 has caused the Debian Bug report #1070725, regarding ssh-agent: take flock on socket file/dir in /tmp to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 1070725: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1070725 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: ssh-agent: take flock on socket file/dir in /tmp
- From: Luca Boccassi <bluca@debian.org>
- Date: Wed, 08 May 2024 01:06:43 +0100
- Message-id: <[🔎] 89b9beba914aed05fc5950e0bef08fa4cced654c.camel@debian.org>
Package: openssh-client Severity: important Hi, The default tmpfiles.d/tmp.conf will soon start cleaning up /tmp/ once a day, automatically deleting files older than 10 days (ctime/mtime/atime are all taken into account). In order to avoid the ssh auth socket in /tmp being deleted while in use (e.g.: long term session), please patch ssh-agent to take a flock(2) on the /tmp/ssh-xxx directory while it's running, as per documentation: https://www.freedesktop.org/software/systemd/man/latest/tmpfiles.d.html#Age Aside from this, it would be better to switch the location to XDG_RUNTIME_DIR (/run/user/UID), as that's more appropriate for per- user-session ephemeral state. The ssh agent provided by gnupg already switched some time ago: SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh -- Kind regards, Luca BoccassiAttachment: signature.asc
Description: This is a digitally signed message part
--- End Message ---
--- Begin Message ---
- To: 1070725-close@bugs.debian.org
- Subject: Bug#1070725: fixed in openssh 1:9.7p1-5
- From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
- Date: Thu, 16 May 2024 11:04:01 +0000
- Message-id: <E1s7Yu1-001DzI-Bv@fasolo.debian.org>
- Reply-to: Colin Watson <cjwatson@debian.org>
Source: openssh Source-Version: 1:9.7p1-5 Done: Colin Watson <cjwatson@debian.org> We believe that the bug you reported is fixed in the latest version of openssh, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1070725@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Colin Watson <cjwatson@debian.org> (supplier of updated openssh package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 16 May 2024 11:16:30 +0100 Source: openssh Architecture: source Version: 1:9.7p1-5 Distribution: unstable Urgency: medium Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> Changed-By: Colin Watson <cjwatson@debian.org> Closes: 1069706 1070725 Changes: openssh (1:9.7p1-5) unstable; urgency=medium . [ Colin Watson ] * Add "After=nss-user-lookup.target" to ssh.service and sshd@.service (closes: #1069706). * Avoid cleanup of /tmp/sshauth.*, created by sshd if ExposeAuthInfo is set. . [ Andreas Hasenack ] * Add autopkgtests for GSSAPI logins, including gssapi-keyex. . [ Luca Boccassi ] * Install tmpfiles.d to avoid cleanup of ssh-agent socket in /tmp/ (closes: #1070725). * Only set PAM_RHOST if the remote host is not "UNKNOWN" (thanks, Daan De Meyer). Checksums-Sha1: be24ffe4f8a0d8d689f1f8fc2ea336f0b2db14ee 3313 openssh_9.7p1-5.dsc 7e34d48c8d3c3832d83d8df68db26f86d3b61303 193864 openssh_9.7p1-5.debian.tar.xz Checksums-Sha256: 87dce7f64803d2586880b8099b4a4fea47482229fe2aae7293784ed92cf35cc2 3313 openssh_9.7p1-5.dsc 7b5b464c12ae0a54cd77c211d7accf06d3059186fc3a1e116af82c91becc511e 193864 openssh_9.7p1-5.debian.tar.xz Files: 057106f0a6a447ac6fd04556ad6e93ec 3313 net standard openssh_9.7p1-5.dsc d4a2766632fe52649823872860802154 193864 net standard openssh_9.7p1-5.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmZF3TQACgkQOTWH2X2G UAuAghAAokaNB45ZFICeVAxNUskF1tnvqf8/TyyZrvNNjmQ7Q1d2yY+IIQtemPsH Nz7Jq/wJDWLL7KPIprJk+rWVSo2NhWwTMTwt6r6vSat57b4gul/XhqXoZOAbG3b5 R4F/EN/SvVuZBLeIHFZSpBnPB8TTxVY9kPV//IEykVxlBLDpac/jjyEuV+amw4/7 aCVewb54yFC0m6M4gQFJZ+Qq8BwzPE4zrawlq2bE/UIl2pZ8snXf7ai/uFh4DKG5 BkYCfaI9vciPGJN8LuVQkaGpxJdMNKq4NKgDpI+V05bbO4vGXz7TNrbgA8aP9gxK NISuutjpUjBaakpAhX3cLz1PJxOUUb/vb8f3k8FKftfBGIXqryMQ9Sf7h1CyPN7Y OeOoM5+c6UD3kploDRsJaDnUinaeRulkSJQr9o79bRL28ddUk7VbMnGkzijutKUO Todc2SW00p2k0n/wuXg023kOeKEHKWM2RdBAO7YrsiiIXBVhnWFSpt6i/+z/Y9q2 gUQP/kg+3ef/3zo+vPZB8blEORyn5S/88kqcmHx46plx27+lWXlyO4HwGIlwsAxI zOG+tu68r+7CJ06Q/W3hEL8xy7D3cJ6zZx9LmpUGw61Y89NVzUHL3sun9Ynr7LoF HOMFKydLDxK5vbgD7Eku/WnLeAmHtz2SewDGZmTAM1CNyUB3bSU= =siDZ -----END PGP SIGNATURE-----Attachment: pgpzKV1LTPAWd.pgp
Description: PGP signature
--- End Message ---