Description of problem: In my file /etc/pam.d/sudo I have added the line auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys at the start of the file. Since the upgrade to pam_ssh_agent_auth-0.10.2-1.2.fc23.x86_64, sudo crashes with a Segmentation fault when called when I have the environment variable SSH_AUTH_SOCK set to point to a valid agent socket. After downgrading to pam_ssh_agent_auth-0.10.2-1.2.fc23.x86_64, sudo works again. Version-Release number of selected component (if applicable): pam_ssh_agent_auth-0.10.2-1.2.fc23.x86_64 How reproducible: 100% Steps to Reproduce: 1.install latest pam_ssh_agent_auth and follow instructions in man page 2.run an ssh agent 3.sudo whoami Actual results: Segmentation fault Expected results: command executes Additional info: Same problem with su and the appropriate change to /etc/pam.d/su.
I can't reproduce the crash on my testing machine. Can you add also "debug" flag and post the log what is going on under the hood (should be in /var/log/secure)? Do you have correct permissions for the /etc/security/authorized_keys?
$ ls -l /etc/security/authorized_keys -rw-r--r--. 1 root root 750 Sep 12 2013 /etc/security/authorized_keys $ ls -Z /etc/security/authorized_keys unconfined_u:object_r:etc_t:s0 /etc/security/authorized_keys After I added debug, I see the following in the log file (single sudo invocation): Jan 29 13:25:16 mdbs sudo[13481]: Beginning pam_ssh_agent_auth for user sjoerd Jan 29 13:25:16 mdbs sudo[13481]: Attempting authentication: `sjoerd' as `sjoerd' using /etc/security/authorized_keys Jan 29 13:25:16 mdbs sudo[13481]: Contacted ssh-agent of user sjoerd (1000) Jan 29 13:25:16 mdbs sudo[13481]: trying public key file /etc/security/authorized_keys Jan 29 13:25:16 mdbs sudo[13481]: auth_secure_filename: checking for uid: 0 Jan 29 13:25:16 mdbs sudo[13481]: secure_filename: checking '/etc/security' Jan 29 13:25:16 mdbs sudo[13481]: secure_filename: checking '/etc' Jan 29 13:25:16 mdbs sudo[13481]: secure_filename: checking '/' Jan 29 13:25:16 mdbs sudo[13481]: key not found Jan 29 13:25:16 mdbs sudo[13481]: trying public key file /etc/security/authorized_keys Jan 29 13:25:16 mdbs sudo[13481]: auth_secure_filename: checking for uid: 0 Jan 29 13:25:16 mdbs sudo[13481]: secure_filename: checking '/etc/security' Jan 29 13:25:16 mdbs sudo[13481]: secure_filename: checking '/etc' Jan 29 13:25:16 mdbs sudo[13481]: secure_filename: checking '/' Jan 29 13:25:16 mdbs sudo[13481]: key not found Maybe also relevant: $ ssh-add -l | wc -l 7
Ok. I got that. When I have only one valid key, it works fine. For more keys (or if the first key is not valid), it segfaults, because the buffer gots somehow corrupted for some reason. This unfortunately slipped through my tests. Thank you for the report. I will try to solve it asap.
openssh-7.1p2-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-72f953d453
openssh-7.1p2-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-72f953d453
openssh-7.1p2-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.