Escalated to Bugzilla from IssueTracker
Event posted on 2009-06-18 13:36 BST by spanjikk Description of problem: with amanda configured for ssh authentication, the amdump command keeps asking for password. How reproducible: Everytime you run amdump command. Steps to Reproduce: 1)set up a ssh environment for amanda user where the authorization keys are properly set up so that passwords are not asked 2) Now configure an Amanda server/client setup and use the auth "ssh" option so that ssh security is used. 3) everytime we run a amdump command, we can see that the amanda user password is being asked. But simultaneously if we run a strace with fairly large tracing, we can see that the amdump completes without asking for the ssh password, which seem to suggest that this is a race condition. Actual results: the ampdump command does not succeed. Expected results: The amdump command should complete without any additional requirements Additional info: As far as I've understood, Amanda 2.5.0 (that we ship ) should use the users default SSH keys as the configuration keyword "ssh_keys" was not introduced until 2.5.1. This event sent from IssueTracker by mpoole [Support Engineering Group] issue 308705
Event posted on 2009-07-10 16:31 BST by mpoole This is not race condition, but a specific bug to do with relinquishing the setuid bit acquired whilst running the planner. When running under strace programs cannot setuid, so the user remains as that of the initial running user. When then run the amdump without strace the planner becomes root and then uses the root ssh credentials to connect. Since they don't have a root key with no passphrase and matching public key in the remote system amanda authorized keys file it prompts them for a password. There was a change upstream 2006-05-24 Kevin Till <ktill@@zmanda.com> * server-src/planner.c: adjust setuid() calling sequences so that ssh can work * server-src/dumper.c: ditto and what appear to be some related changes the previous month 2006-04-06 Kevin Till <ktill> * server-src/Makefile.am: always install planner/dumper setuid-root * server-src/amcheck.c: check planner/dumper for setuid-root * server-src/dumper.c: drop privilege asap. Switch between bsd and ssh auth is now possible with the same installation. * server-src/planner.c: ditto I will escalate this to BZ. It will initially be aligned with 5.5 but until the extent of the code changes can be determined it cannot be guaranteed that the fix will be made then. This event sent from IssueTracker by mpoole [Support Engineering Group] issue 308705
This request was evaluated by Red Hat Product Management for inclusion, but this component is not scheduled to be updated in the current Red Hat Enterprise Linux release. If you would like this request to be reviewed for the next minor release, ask your support representative to set the next rhel-x.y flag to "?".
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
Closing this as nextrelease. Issue can be avoided as detailed in comment #2 regarding root's credentials. Upstream fix was taken into the RHEL6 version of Amanda.