Bug 1303036
| Summary: | su and sudo crash when using pam_ssh_agent_auth | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Sjoerd Mullender <sjoerd> |
| Component: | openssh | Assignee: | Jakub Jelen <jjelen> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 23 | CC: | jjelen, mattias.ellert, mgrepl, plautrba, tmraz |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | openssh-7.1p2-3.fc23 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-02-01 02:20:40 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Sjoerd Mullender
2016-01-29 11:43:46 UTC
I can't reproduce the crash on my testing machine. Can you add also "debug" flag and post the log what is going on under the hood (should be in /var/log/secure)? Do you have correct permissions for the /etc/security/authorized_keys? $ ls -l /etc/security/authorized_keys -rw-r--r--. 1 root root 750 Sep 12 2013 /etc/security/authorized_keys $ ls -Z /etc/security/authorized_keys unconfined_u:object_r:etc_t:s0 /etc/security/authorized_keys After I added debug, I see the following in the log file (single sudo invocation): Jan 29 13:25:16 mdbs sudo[13481]: Beginning pam_ssh_agent_auth for user sjoerd Jan 29 13:25:16 mdbs sudo[13481]: Attempting authentication: `sjoerd' as `sjoerd' using /etc/security/authorized_keys Jan 29 13:25:16 mdbs sudo[13481]: Contacted ssh-agent of user sjoerd (1000) Jan 29 13:25:16 mdbs sudo[13481]: trying public key file /etc/security/authorized_keys Jan 29 13:25:16 mdbs sudo[13481]: auth_secure_filename: checking for uid: 0 Jan 29 13:25:16 mdbs sudo[13481]: secure_filename: checking '/etc/security' Jan 29 13:25:16 mdbs sudo[13481]: secure_filename: checking '/etc' Jan 29 13:25:16 mdbs sudo[13481]: secure_filename: checking '/' Jan 29 13:25:16 mdbs sudo[13481]: key not found Jan 29 13:25:16 mdbs sudo[13481]: trying public key file /etc/security/authorized_keys Jan 29 13:25:16 mdbs sudo[13481]: auth_secure_filename: checking for uid: 0 Jan 29 13:25:16 mdbs sudo[13481]: secure_filename: checking '/etc/security' Jan 29 13:25:16 mdbs sudo[13481]: secure_filename: checking '/etc' Jan 29 13:25:16 mdbs sudo[13481]: secure_filename: checking '/' Jan 29 13:25:16 mdbs sudo[13481]: key not found Maybe also relevant: $ ssh-add -l | wc -l 7 Ok. I got that. When I have only one valid key, it works fine. For more keys (or if the first key is not valid), it segfaults, because the buffer gots somehow corrupted for some reason. This unfortunately slipped through my tests. Thank you for the report. I will try to solve it asap. openssh-7.1p2-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-72f953d453 openssh-7.1p2-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-72f953d453 openssh-7.1p2-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |