Comment 8 for bug 315591

Max Bowsher (maxb) wrote :

It would appear that this is a known issue in that it is documented in /usr/share/doc/openssh-client/README.Debian.gz.

I think we can declare this not a bug in GDM, but somewhere hovering between openssh and x11-common (since x11-common installs the Xsession.d script which folds ssh-agent into the session startup).

This is a rather thorny problem, since there are so many conflicting requirements:
 * be setgid to afford ssh-agent protection from ptrace()
 * retain behaviour of ssh-agent exiting when the X session does
 * allow ssh-agent to insert envvars into the X session environment
 * don't put a setgid process on the chain of execs launching the X session (to avoid this bug)

I don't see any way out which doesn't involve writing a non-trivial wrapper which launches the setgid ssh-agent in a mode which emits the envvars to stdout, incorporates the envvars into its own environment, forks the rest of the X session, and then waits for the X session to exit at which point it kills the ssh-agent.

Quite the can of worms.
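
The wrapper design described in the comment above, as an added example that is not part of the original comment and is not Debian's or OpenSSH's code. The function names `parse_agent_env` and `run_session_with_agent` are hypothetical, the agent path is passed in by the caller, and the agent's output is parsed and validated rather than eval'd, so only the two expected variables can enter the session environment.

```shell
#!/bin/sh
# Added example: non-setgid session wrapper around a setgid ssh-agent.
# Function names are hypothetical; the agent path is supplied by the caller.

# Read Bourne-style `ssh-agent -s` output on stdin and print validated
# NAME=value lines. Nothing is eval'd, so only these two variables can
# ever reach the session environment.
parse_agent_env() {
    while IFS= read -r line; do
        assignment=${line%%;*}      # drop "; export NAME;"
        name=${assignment%%=*}
        value=${assignment#*=}
        case "$name" in
            SSH_AUTH_SOCK)          # must be an absolute socket path
                case "$value" in
                    /*) printf '%s=%s\n' "$name" "$value" ;;
                esac ;;
            SSH_AGENT_PID)          # must be all digits
                case "$value" in
                    ''|*[!0-9]*) ;;
                    *) printf '%s=%s\n' "$name" "$value" ;;
                esac ;;
        esac
    done
}

# usage: run_session_with_agent AGENT SESSION_COMMAND [ARGS...]
run_session_with_agent() {
    agent=$1; shift
    # The agent daemonises itself and reports its socket and PID on stdout.
    agent_out=$("$agent" -s) || return 1
    env_lines=$(printf '%s\n' "$agent_out" | parse_agent_env)
    sock=$(printf '%s\n' "$env_lines" | sed -n 's/^SSH_AUTH_SOCK=//p')
    pid=$(printf '%s\n' "$env_lines" | sed -n 's/^SSH_AGENT_PID=//p')
    [ -n "$sock" ] && [ -n "$pid" ] || return 1

    # Fold the variables into the wrapper's own environment.
    export SSH_AUTH_SOCK="$sock" SSH_AGENT_PID="$pid"

    # Run the session as a child (no exec), so the wrapper outlives it.
    status=0
    "$@" || status=$?

    # Session is gone: stop the agent and hand back the session's status.
    kill "$pid" 2>/dev/null || true
    return "$status"
}

# Example call (agent path assumed):
#   run_session_with_agent /usr/bin/ssh-agent "$@"
```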