Package: openssh-client
Version: 1:10.0p1-1
Severity: normal
Tags: patch

Since OpenSSH 10.0, ssh-agent now has nice, simple support for systemd-style user service socket activation.

The attached patch updates debian's ssh user services to make the agent socket-activated with basically no overhead. For a systemd session that doesn't use the agent at all, no agent will be launched.

With this change, it seems like it might also be possible to drop/discard /usr/lib/openssh/agent-launch as well.

This is related to #1039919 -- if you prefer to merge it in with that, that's fine. Or, you could close #1039919 as resolved with 10.0p1 (the moral equivalent of the upstream patch has been merged), and leave this one open as it just adjusts the way that the agent is integrated into the user session.

Thanks for maintaining OpenSSH in debian!

--dkg

-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'testing'), (200, 'unstable-debug'), (200, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.21-amd64 (SMP w/20 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages openssh-client depends on:
ii  adduser              3.150
ii  init-system-helpers  1.68
ii  libc6                2.41-6
ii  libedit2             3.1-20250104-1
ii  libfido2-1           1.15.0-1+b1
ii  libgssapi-krb5-2     1.21.3-5
ii  libselinux1          3.8.1-1
ii  libssl3t64           3.5.0-1
ii  passwd               1:4.17.4-1
ii  zlib1g               1:1.3.dfsg+really1.3.1-1+b1

Versions of packages openssh-client recommends:
ii  xauth  1:1.1.2-1.1

Versions of packages openssh-client suggests:
pn  keychain                         <none>
pn  libpam-ssh                       <none>
pn  monkeysphere                     <none>
ii  ssh-askpass-gnome [ssh-askpass]  1:9.9p2-2

-- no debconf information

diff --git a/debian/openssh-client.install b/debian/openssh-client.install index 96c8deae7..2a33dc93b 100755 --- a/debian/openssh-client.install +++ b/debian/openssh-client.install @@ -34,3 +34,4 @@ debian/openssh-client.apport => usr/share/apport/package-hooks/openssh-client.py # systemd user unit (only used under sessions) debian/systemd/ssh-agent.service usr/lib/systemd/user +debian/systemd/ssh-agent.socket usr/lib/systemd/user diff --git a/debian/systemd/ssh-agent.service b/debian/systemd/ssh-agent.service index 68273bd75..72e0a3e46 100644 --- a/debian/systemd/ssh-agent.service +++ b/debian/systemd/ssh-agent.service @@ -1,17 +1,13 @@ [Unit] Description=OpenSSH Agent Documentation=man:ssh-agent(1) -Before=graphical-session-pre.target -ConditionPathExists=/etc/X11/Xsession.options -Wants=dbus.socket -After=dbus.socket [Service] +Environment=SSH_ASKPASS_REQUIRE=force # If you need to pass extra arguments to ssh-agent, you can use "systemctl # --user edit ssh-agent.service" to add a drop-in unit with contents along # these lines: # [Service] # ExecStart= -# ExecStart=/usr/lib/openssh/agent-launch start -- -t 1200 -ExecStart=/usr/lib/openssh/agent-launch start -ExecStopPost=/usr/lib/openssh/agent-launch stop +# ExecStart=/usr/bin/ssh-agent -D -t 1200 +ExecStart=/usr/bin/ssh-agent -D diff --git a/debian/systemd/ssh-agent.socket b/debian/systemd/ssh-agent.socket new file mode 100644 index 000000000..9980c36f0 --- /dev/null +++ b/debian/systemd/ssh-agent.socket @@ -0,0 +1,13 @@ +[Unit] +Description=OpenSSH Agent socket +Documentation=man:ssh-agent(1) +Before=graphical-session-pre.target + +[Socket] +SocketMode=0600 +ListenStream=%t/openssh_agent +ExecStartPost=/usr/bin/systemctl --user set-environment SSH_AUTH_SOCK=%t/openssh_agent +ExecStopPre=/usr/bin/systemctl --user unset-environment SSH_AUTH_SOCK + +[Install] +WantedBy=sockets.target
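Review bot: in debian/openssh-client.install, the added "debian/systemd/ssh-agent.socket usr/lib/systemd/user" line only ships the unit, and no part of this patch shows how the socket gets enabled for user sessions. The unit's "[Install] WantedBy=sockets.target" takes effect only once the unit is enabled, so the packaging should either enable it by default or state that users must run "systemctl --user enable ssh-agent.socket"; otherwise nothing listens on the socket path. The comment above the entries still reads "systemd user unit" in the singular and could be updated to cover both files.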
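Review bot: in the [Service] section of debian/systemd/ssh-agent.service, the new "Environment=SSH_ASKPASS_REQUIRE=force" line carries no comment and is not mentioned in the report, so a reader cannot tell why askpass is forced for the agent; please add a one-line explanation above it. The same hunk removes "ConditionPathExists=/etc/X11/Xsession.options" along with the agent-launch wrapper, so the unit is no longer gated on that file, which deserves a changelog or NEWS entry. Existing user drop-ins written from the old comment ("ExecStart=/usr/lib/openssh/agent-launch start -- -t 1200") will keep overriding the new ExecStart and bypass socket activation, or fail outright if agent-launch is later dropped as the report suggests, so a migration note is worth adding too.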
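Review bot: in the [Socket] section of debian/systemd/ssh-agent.socket, ExecStartPost overwrites SSH_AUTH_SOCK in the user manager environment and ExecStopPre unsets it unconditionally, so a value set by another agent is clobbered when this socket starts and removed when it stops. Consider unsetting only when the variable still equals %t/openssh_agent, or documenting that this unit owns SSH_AUTH_SOCK for the session. Note also that "systemctl --user set-environment" only reaches processes the user manager starts afterwards, so shells that are not spawned by it will not see the variable; the unit or its documentation should say how those sessions are expected to find the socket. "SocketMode=0600" on a path under %t is a sensible restriction and should stay.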