Description of problem: pam_ssh_agent_auth no longer works since Fedora 22. In the log I find the message pam_ssh_agent_auth: undefined symbol: ssh_get_first_identity Version-Release number of selected component (if applicable): pam_ssh_agent_auth-0.9.3-5.5.fc22.1.x86_64 How reproducible: 100% Steps to Reproduce: 1.install pam_ssh_agent_auth 2.configure according to man page (man pam_ssh_agent_auth) 3.try sudo Actual results: sudo still asks for password and the /var/log/security file has the above-mentioned message. Expected results: sudo accepts openssh key. Additional info:
Thanks for report. There was some refactorization of openssh internals around authfd. I managed to update pam_ssh_agent code to cooperate with current openssh and my rough testing shows that it works. If you will have time to check it out, there is scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=9857246 Regular build will be available with another fixes later.
That's an fc23 package. Is there also an fc22 package?
For testing purpose it shouldn't matter to install F23 packages. Within openssh, there is no difference between them. Full update for F22 will be available in few days. I need to figure out some stuff.
openssh-6.8p1-6.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/openssh-6.8p1-6.fc22
Package openssh-6.8p1-6.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssh-6.8p1-6.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-9070/openssh-6.8p1-6.fc22 then log in and leave karma (feedback).
openssh-6.8p1-6.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
I'm sorry I wasn't able to test this sooner, but I'm afraid this fix makes it (quite a bit) worse. sudo crashes due to a double free in the pam_ssh_agent_auth.so shared library: *** Error in `sudo': double free or corruption (fasttop): 0xb87b6fa0 *** ======= Backtrace: ========= /lib/libc.so.6(+0x6b716)[0xb7553716] /lib/libc.so.6(+0x7414a)[0xb755c14a] /lib/libc.so.6(cfree+0x50)[0xb755f930] /usr/lib/security/pam_ssh_agent_auth.so(+0x79f7)[0xb6e2a9f7] /usr/lib/security/pam_ssh_agent_auth.so(+0x10bc2)[0xb6e33bc2] /usr/lib/security/pam_ssh_agent_auth.so(+0x4261)[0xb6e27261] /usr/lib/security/pam_ssh_agent_auth.so(pam_sm_authenticate+0x489)[0xb6e5b199] /lib/libpam.so.0(+0x2615)[0xb71e7615] /lib/libpam.so.0(pam_authenticate+0x47)[0xb71e6d77] /usr/libexec/sudo/sudoers.so(+0x5bcb)[0xb71f9bcb] /usr/libexec/sudo/sudoers.so(+0x51a2)[0xb71f91a2] /usr/libexec/sudo/sudoers.so(+0x6a76)[0xb71faa76] /usr/libexec/sudo/sudoers.so(+0x1821d)[0xb720c21d] /usr/libexec/sudo/sudoers.so(+0x12100)[0xb7206100] sudo(main+0x82c)[0xb775fe5c] /lib/libc.so.6(__libc_start_main+0xf7)[0xb75006c7] sudo(+0x53ed)[0xb77613ed] [ large memory map elided ] Perhaps this should be a new bug report?
I think it can stay in this bugzilla. Sorry for it and thanks for reopening. I gave it another try with more care and fixed few problems. Here is scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=9916345 and if my last testing will end good, I will push it later today.
I installed pam_ssh_agent_auth-0.9.3-5.7.fc23.1.x86_64 on a test machine running F22 (upgraded from F21) and the result is: $ sudo whoami Segmentation fault I then incorporated the change in /etc/pam.d/sudo.rpmnew into /etc/pam.d/sudo (after the upgrade from F21 to F22 the last line containing "session include system-auth" was missing), and the result became: *** Error in `sudo': double free or corruption (out): 0x00007fdb00000000 *** ======= Backtrace: ========= /lib64/libc.so.6(+0x77e9d)[0x7fdb05594e9d] /lib64/libc.so.6(+0x7f53c)[0x7fdb0559c53c] /lib64/libc.so.6(cfree+0x4c)[0x7fdb055a0e9c] /usr/lib64/security/pam_ssh_agent_auth.so(+0x638e)[0x7fdafbfae38e] /usr/lib64/security/pam_ssh_agent_auth.so(+0x6260)[0x7fdafbfae260] /usr/lib64/security/pam_ssh_agent_auth.so(pam_sm_authenticate+0x3f4)[0x7fdafbfd4524] /lib64/libpam.so.0(+0x2f82)[0x7fdafe369f82] /lib64/libpam.so.0(pam_authenticate+0x30)[0x7fdafe369840] /usr/libexec/sudo/sudoers.so(+0x8b9b)[0x7fdafe57eb9b] /usr/libexec/sudo/sudoers.so(+0x82f2)[0x7fdafe57e2f2] /usr/libexec/sudo/sudoers.so(+0x987c)[0x7fdafe57f87c] /usr/libexec/sudo/sudoers.so(+0x18a9f)[0x7fdafe58ea9f] /usr/libexec/sudo/sudoers.so(+0x137cf)[0x7fdafe5897cf] sudo(+0x568e)[0x7fdb0656a68e] /lib64/libc.so.6(__libc_start_main+0xf0)[0x7fdb0553d790] sudo(+0x6829)[0x7fdb0656b829]
Yes. I found out after I posted. So one more time, hopefully tested all use cases. There were more changes than I expected and even some fun with changed types. I will do update tomorrow, if you will report success. http://koji.fedoraproject.org/koji/taskinfo?taskID=9920781 (F22 package)
Now that I have pam_ssh_agent_auth-0.9.3-5.7.fc22.1.x86_64 installed, sudo worked. Looking good so far.
openssh-6.8p1-7.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/openssh-6.8p1-7.fc22
Package openssh-6.8p1-7.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing openssh-6.8p1-7.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-9537/openssh-6.8p1-7.fc22 then log in and leave karma (feedback).
openssh-6.8p1-7.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.