Bug 510755 - Amanda: SSH prompting for password when using keys
Amanda: SSH prompting for password when using keys
Status: CLOSED NEXTRELEASE
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: amanda (Show other bugs)
5.3
All Linux
medium Severity medium
: rc
: ---
Assigned To: Lukáš Nykrýn
qe-baseos-daemons
: Upstream
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2009-07-10 11:42 EDT by Issue Tracker
Modified: 2011-10-16 13:35 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-10-16 13:35:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Issue Tracker 2009-07-10 11:42:34 EDT
Escalated to Bugzilla from IssueTracker
Comment 1 Issue Tracker 2009-07-10 11:42:36 EDT
Event posted on 2009-06-18 13:36 BST by spanjikk

Description of problem:
with amanda configured for ssh authentication, the amdump command keeps asking for password.

How reproducible:
Everytime you run amdump command.

Steps to Reproduce:
1)set up a ssh environment for amanda user where the authorization keys are properly set up so that passwords are not asked 

2) Now configure an Amanda server/client setup and use the auth "ssh" option so that ssh security is used.

3) everytime we run a amdump command, we can see that the amanda user password is being asked. But simultaneously if we run a strace with fairly large tracing, we can see that the amdump completes without asking for the ssh password, which seem to suggest that this is a race condition.

Actual results:
the ampdump command does not succeed.

Expected results:
The amdump command should complete without any additional requirements

Additional info:
As far as I've understood, Amanda 2.5.0 (that we ship ) should use the users default SSH keys as the configuration keyword "ssh_keys" was not introduced until 2.5.1. 


This event sent from IssueTracker by mpoole  [Support Engineering Group]
 issue 308705
Comment 2 Issue Tracker 2009-07-10 11:42:38 EDT
Event posted on 2009-07-10 16:31 BST by mpoole

This is not race condition, but a specific bug to do with relinquishing the
setuid bit acquired whilst running the planner.

When running under strace programs cannot setuid, so the user remains as
that of the initial running user.  When then run the amdump without strace
the planner becomes root and then uses the root ssh credentials to connect.
Since they don't have a root key with no passphrase and matching public
key in the remote system amanda authorized keys file it prompts them for a
password.

There was a change upstream

  2006-05-24  Kevin Till <ktill@@zmanda.com>

    * server-src/planner.c: adjust setuid() calling sequences so that ssh
can work
    * server-src/dumper.c:  ditto

and what appear to be some related changes the previous month

  2006-04-06  Kevin Till <ktill@zmanda.com>
    * server-src/Makefile.am: always install planner/dumper setuid-root
    * server-src/amcheck.c:   check planner/dumper for setuid-root
    * server-src/dumper.c:    drop privilege asap. Switch between bsd
       and ssh auth is now possible with the same installation.
    * server-src/planner.c:   ditto

I will escalate this to BZ. It will initially be aligned with 5.5 but
until the extent of the code changes can be determined it cannot be
guaranteed that the fix will be made then.


This event sent from IssueTracker by mpoole  [Support Engineering Group]
 issue 308705
Comment 4 RHEL Product and Program Management 2009-11-06 14:25:07 EST
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 6 RHEL Product and Program Management 2010-08-09 14:47:04 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 8 RHEL Product and Program Management 2011-05-31 09:56:37 EDT
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.
Comment 9 David Mair 2011-10-16 13:35:36 EDT
Closing this as nextrelease.  Issue can be avoided as detailed in comment #2 regarding root's credentials.  Upstream fix was taken into the RHEL6 version of Amanda.

Note You need to log in before you can comment on or make changes to this bug.