
Hello Giuseppe,

On 24/06/16 19:50, Giuseppe Bilotta wrote:
> Hello Jerome,
> 
> On Fri, Jun 24, 2016 at 4:43 PM, Jerome BENOIT <calcu...@rezozer.net> wrote:
>> On 24/06/16 15:21, Giuseppe Bilotta wrote:
>>> So the problem is that one of the leftover files prevented the agent
>>> from starting.
>>
>> This is not a problem, this mechanism is meant to allow several sessions
>> to use the same agent.
> 
> Indeed, and that makes perfect sense. However it does cause issues if
> the agent is not actually running, either because it crashed or
> because the control file was left over from a previous run.

You are right.
Meanwhile I added an entry in my TODO list concerning this package.
I also noticed that there are two flag files on my box: I would say that one is enough,
but I cannot say more right now because I am not familiar with this part of the code.
(In the past, I mainly added support for new key types.)

> 
>> What is not normal is that the flag file was not removed: I suspect an accident
>> and/or some confusion, as happens at migration time.
> 
> In my case, this is probably due to an unclean shutdown. I have two
> issues on my machine: one is due to the system never closing down
> properly if an NFS mount is active when using systemd as init. The
> other is that sometimes my video driver acts up in multi-monitor
> setups, especially when switching consoles and running rootless X. I
> think that what happened in this case is that my machine went
> completely dead after a switch from a rootless X on tty1 to
> (framebuffer) console on tty2 and then back, so I was forced to do a
> hard reset of the machine without logging off properly. Due to me not
> logging off, the control files were still there and were never cleaned
> up.
> 
>>> May I suggest adding a few more debug outputs centered around starting
>>> up the agent? I don't know how it's done in pam_ssh, but if it does
>>> some checks before then actually printing on debug "checking for
>>> running agents" and maybe "found agent from XXXXX file, not starting"?
>>
>> I agree that the DEBUG message policy must be revisited.
> 
> Indeed, it should be fine to be quite verbose with what's happening,
> since it's debug-only output.

Added an entry too.

> 
>>> This would at least hint at the reason why the agent is not being started.
>>>
>>> (Bonus points: making sure that the agent is actually running and not
>>> just some leftover file?)
>>
>> The leftover file is a flag file (see above).
>> How do you suggest deciding whether or not an agent was indeed launched by
>> pam_ssh and not by any other process?
> 
> If the flag file contains the PID of the agent it launches, it could
> be used to check if the agent is actually running before deciding to
> not launch one.
> 
>>> (Anyway, the issue is solved for me; maybe demote it to wishlist for
>>> the improved checks?)
>>
>> I guess that we can close it.
> 
> Sure.
> 
>> Note that you may want to launch the pam_tmpdir module before pam_ssh as 
>> pam_ssh honours TMPDIR.
> 
> I have not altered the order of the modules myself, so probably the
> pam-auth-update configuration file for pam_ssh should specify that it
> needs to go after pam_tmpdir?

I filed a bug report a long time ago concerning this:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=711100

Because I do not like the idea of having the socket agent folder in /tmp,
I manage the pam_ssh module by hand rather than through pam-auth-update.

Cheers,
Jerome

> 

-- 
Jerome BENOIT | calculus+at-rezozer^dot*net
https://qa.debian.org/developer.php?login=calcu...@rezozer.net
AE28 AE15 710D FF1D 87E5  A762 3F92 19A6 7F36 C68B
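
Added example, not part of the original message and not pam_ssh's own code: one way to implement the liveness check suggested in the thread, reading the agent PID from the flag file and probing it before deciding not to start a new agent. It assumes the flag file holds ssh-agent's sh-style output with an `SSH_AGENT_PID=<n>;` assignment; the function names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Parse "SSH_AGENT_PID=<n>;" (assumed flag-file format); -1 if absent or malformed. */
pid_t parse_agent_pid(const char *text)
{
    static const char key[] = "SSH_AGENT_PID=";
    const char *p = strstr(text, key);
    char *end;

    if (p == NULL)
        return -1;
    p += sizeof(key) - 1;
    errno = 0;
    long v = strtol(p, &end, 10);
    if (end == p || errno != 0 || v <= 0 || (long)(pid_t)v != v)
        return -1;          /* no digits, overflow, or not a valid PID */
    return (pid_t)v;
}

/* Signal 0 only probes for existence; EPERM means alive but owned by another user. */
int pid_is_alive(pid_t pid)
{
    return pid > 0 && (kill(pid, 0) == 0 || errno == EPERM);
}

/* 1: recorded PID is live; 0: flag file is stale; -1: flag file unreadable. */
int flag_file_agent_running(const char *path)
{
    char buf[512];
    FILE *f = fopen(path, "r");

    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, sizeof(buf) - 1, f);
    fclose(f);
    buf[n] = '\0';
    return pid_is_alive(parse_agent_pid(buf));
}

int main(int argc, char **argv)
{
    return argc == 2 ? flag_file_agent_running(argv[1]) != 1 : 2;
}
```

Run with the flag file path as its only argument; it exits 0 when the recorded PID is live, 1 when the file is stale or unreadable, and 2 on wrong usage. A live PID only shows that some process holds that number, so after a reboot or PID reuse it does not prove the process is the agent pam_ssh started, which is the question raised in the thread.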
