Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
From: Antoine Le Gonidec <debian@vv221.fr>
Date: Fri, 18 Apr 2025 16:26:36 +0200
Message-id: <[🔎] 174498639667.3932913.11597799212161471652.reportbug@localhost>
Reply-to: Antoine Le Gonidec <debian@vv221.fr>, 1103522@bugs.debian.org

Package: openssh-client
Version: 1:10.0p1-2
Severity: important

Since the 1:10.0p1-1 → 1:10.0p1-2 upgrade, the user socket for ssh-agent
is no longer created in ${XDG_RUNTIME_DIR}/openssh_agent, but at an
unpredictable path under /tmp.

As an example, here is what it currently uses on my system:
/tmp/ssh-EwtbKB5qzA6k/agent.3932465
(the path changes each time the ssh-agent user service is restarted)

This breaks the use of commands like ssh-add, as they can no longer find
the socket.

This is most probably related to the fix for the following bug reports:
- https://bugs.debian.org/961311
- https://bugs.debian.org/1039919
- https://bugs.debian.org/1103037

For now it can be worked around by downgrading openssh-client
to the Trixie version (1:9.9p2-2), and open the socket with:
/usr/lib/openssh/agent-launch start

-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'testing-debug'), (500, 'stable-debug'), (500, 'oldstable-debug'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.12.17-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-client depends on:
ii  adduser              3.150
ii  init-system-helpers  1.68
ii  libc6                2.41-7
ii  libedit2             3.1-20250104-1
ii  libfido2-1           1.15.0-1+b1
ii  libgssapi-krb5-2     1.21.3-5
ii  libselinux1          3.8.1-1
ii  libssl3t64           3.5.0-1
ii  passwd               1:4.17.4-1
ii  zlib1g               1:1.3.dfsg+really1.3.1-1+b1

Versions of packages openssh-client recommends:
ii  xauth  1:1.1.2-1.1

Versions of packages openssh-client suggests:
pn  keychain      <none>
pn  libpam-ssh    <none>
pn  monkeysphere  <none>
pn  ssh-askpass   <none>

-- no debconf information

Reply to:

Follow-Ups:
- Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
  - From: Colin Watson <cjwatson@debian.org>

Prev by Date: Bug#1103418: openssh-server irregularly crashing since 10.0p1 upgrade
Next by Date: Bug#1103392: Info received (Bug#1103392: incorrect signature when ssh'ing to an AIX server (Big Endian) from X86 (Little endian))
Previous by thread: Processed: merging 1103391 1103392
Next by thread: Bug#1103522: openssh-client: ssh-agent socket created in an unpredictable path
Index(es):
- Date
- Thread