This is a copy-paste from https://bugzilla.novell.com/show_bug.cgi?id=665061 : Before ssh-agent is started as user, pam_ssh does not set the gid/grouplist. Therefore ssh-agent runs with gid 0. Gentoo currently does not carry their patch, and the issue reported there can be demonstrated to exist in Gentoo, too. Reproducible: Always Steps to Reproduce: 1. emerge pambase with the pam_ssh USE flag 2. login as yourself, using your ssh key passphrase 3. ls -ld /proc/`pidof ssh-agent` Actual Results: dr-xr-xr-x 7 aep root 0 Сен 27 12:09 /proc/9794 Expected Results: dr-xr-xr-x 7 aep aep 0 Сен 27 12:09 /proc/9794 aep@aep-desktop ~ $ cat /etc/pam.d/system-auth auth required pam_env.so auth sufficient pam_ssh.so auth required pam_unix.so try_first_pass likeauth nullok auth optional pam_permit.so account required pam_unix.so account optional pam_permit.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password required pam_unix.so try_first_pass use_authtok nullok sha512 shadow password optional pam_permit.so session optional pam_ssh.so session required pam_limits.so session required pam_env.so session required pam_unix.so session optional pam_permit.so
+*pam_ssh-1.98 (06 Nov 2013) + + 06 Nov 2013; Pacho Ramos <pacho@gentoo.org> +pam_ssh-1.98.ebuild: + Version bump + Try with this version please
Fixed indeed.
