Created attachment 1564994 [details] patch file Description of problem: After upgrading to pam_ssh 2.x, private key files stored on filesystems which do not permit root access (e.g NFS with root squash) are no longer loaded. When the pam_ssh debug (log) option is enabled for the pam session module interface, the error "inexistent configuration directory" is logged. Version-Release number of selected component (if applicable): 2.0 and newer How reproducible: Always. Steps to Reproduce: 1. Configure filesystem with root squash or some mechanism which prevents root access 2. Create SSH key file(s) on filesystem 3. Configure pam stack to use pam_ssh module 4. Log into the system Actual results: ssh-agent is spawned, the key is decrypted but not loaded into ssh-agent. Expected results: ssh-agent is spawned, the key is both decrypted and loaded into ssh-agent. Additional info: The change to handle inexistent configuration directories was made in version 2.0 and is mentioned explicitly in the package changelog. Because pam_ssh attempts to access the .ssh directory as root, filesystems which prevent root access (e.g. NFS with root squash enabled) prevent this behaviour and cause the error. The attached patch resolves this issue by modifying the relevant error condition so that a directory is only "inexistent" if both the directory could not be accessed and the error returned is NOT EACCES (access denied). The patch also improves logging by reporting the absolute path of the .ssh directory that could not be accessed, and the error string.
pam_ssh-2.3-2.fc30 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-9c082d92d9
pam_ssh-2.3-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-7bf8eac912
pam_ssh-2.3-2.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-9c082d92d9
pam_ssh-2.3-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-7bf8eac912
pam_ssh-2.3-2.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f346c3f91f
pam_ssh-2.3-2.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2019-f346c3f91f
pam_ssh-2.3-2.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
pam_ssh-2.3-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
pam_ssh-2.3-2.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.