Bug 2362165

Summary: pam-ssh-agent lost after upgrade to F42
Product: [Fedora] Fedora Reporter: Peter Bieringer <pb>
Component: opensshAssignee: Dmitry Belyavskiy <dbelyavs>
Status: CLOSED WONTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 42CC: cllang, crypto-team, dbelyavs, dwalsh, jjelen, lkundrak, mattias.ellert, tm
Target Milestone: ---Keywords: Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2025-04-26 13:37:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Peter Bieringer 2025-04-24 19:56:36 UTC 
pam-ssh-agent lost after upgrade to F42

found:
https://fedoraproject.org/wiki/Changes/Remove_pam-ssh-agent_component

"Last years its development has effectively stopped"

While not having looked into the code, potentially simply nothing to develop further on as code is settled?

"we are not aware of it being used actively"

at least I'm heavily using this by preloading ssh-agent with a key from smartcard or TPM and then later for "su" or "sudo" actions on destination systems.

"pam_rssh" is mentioned as an alternative, any plans to package instead?

Reproducible: Always
Comment 1 Clemens Lang 2025-04-25 10:36:23 UTC 
What exactly is your request here? We have no plans to bring back pam-ssh-agent. Feel free to package it in a COPR or turn it into a separate package submitted to Fedora maintained by you if you want.

pam_rssh is a good alternative, I'm using it, it works fine, but it's written in Rust and Fedora's packaging guidelines require it to be unbundled to package, which I haven't done and don't have time for. Help welcome, see https://discussion.fedoraproject.org/t/f42-change-proposal-deprecate-pam-ssh-agent-component-self-contained/138977/13 for discussion and pointers to an existing specfile that uses vendored dependencies.
Comment 2 Dmitry Belyavskiy 2025-04-26 13:37:57 UTC 
I agree with Clemens. The change was approved, and the component is of quite limited usage. Closing Wontfix.
Comment 3 Peter Bieringer 2025-05-13 20:19:55 UTC 
Replacement is in progress: https://github.com/nresare/pam-ssh-agent/issues/24#issuecomment-2877830098