
Difficulties setting up pam_ssh_agent_auth



I'm having trouble setting up pam_ssh_agent_auth.so, which allows users
with authenticated public keys to sudo.

cat /etc/pam.d/sudo
    auth     sufficient    pam_ssh_agent_auth.so file=/etc/security/authorized_keys
    @include common-auth
    @include common-account
    @include common-session-noninteractive

/var/log/auth/log
    Apr  8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: matching key found: file/command /etc/security/authorized_keys, line 7
    Apr  8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Found matching RSA key: a5:36:xx:f5:xx:9f:xx:20:6a:d9:87:98:4a:4b:10:6a
    Apr  8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Authenticated: `it' as `it' using /etc/security/authorized_keys
    Apr  8 06:53:54 localhost sudo:       it : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/it ; USER=root ; COMMAND=/usr/bin/ls

user:
    it@localhost:~$ sudo ls
    it is not in the sudoers file.  This incident will be reported.

It looks like the PAM configuration is incorrect, although I'm using the
configuration recommended in the README.

Changing the auth line in /etc/pam.d/sudo to 

    auth     [success=3 default=ignore] pam_ssh_agent_auth.so file=/etc/security/authorized_keys
    
has this effect:

    it@localhost:~$ sudo ls
    Sorry, try again.
    Sorry, try again.
    sudo: 3 incorrect password attempts

Assistance gratefully received.
Rory
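
Added example, not part of the original post: the auth log quoted above shows pam_ssh_agent_auth logging "Authenticated" and sudo then logging "user NOT in sudoers" for the same user in the same second. The Python sketch below pairs those two event types so that the key authentication result and the sudoers decision can be read as separate outcomes; the sample log is constructed (modelled on the quoted lines), and the function name and 5-second window are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log, modelled on the lines quoted in the post.
SAMPLE_LOG = """\
Apr  8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Authenticated: `it' as `it' using /etc/security/authorized_keys
Apr  8 06:53:54 localhost sudo:       it : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/it ; USER=root ; COMMAND=/usr/bin/ls
Apr  8 07:10:02 localhost sudo[24101]: pam_ssh_agent_auth: Authenticated: `ops' as `ops' using /etc/security/authorized_keys
Apr  8 07:15:30 localhost sudo:      bob : user NOT in sudoers ; TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/id
"""

# Syslog prefix for sudo lines, with or without a [pid].
STAMP = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+sudo(?:\[\d+\])?:\s+"
AUTH_OK = re.compile(STAMP + r"pam_ssh_agent_auth: Authenticated: `(?P<user>[^']+)' as ")
DENIED = re.compile(STAMP + r"(?P<user>\S+) : user NOT in sudoers ;.*COMMAND=(?P<cmd>.*)$")


def _when(ts):
    # Syslog stamps carry no year; a fixed one is enough for relative comparison.
    return datetime.strptime("2000 " + " ".join(ts.split()), "%Y %b %d %H:%M:%S")


def classify(log_text, window=timedelta(seconds=5)):
    """Return one record per sudoers denial, noting whether the same user
    had a successful pam_ssh_agent_auth authentication just before it."""
    last_auth = {}  # user -> time of most recent successful agent authentication
    findings = []
    for line in log_text.splitlines():
        m = AUTH_OK.match(line)
        if m:
            last_auth[m["user"]] = _when(m["ts"])
            continue
        m = DENIED.match(line)
        if m:
            seen = last_auth.get(m["user"])
            delta = _when(m["ts"]) - seen if seen is not None else None
            key_ok = delta is not None and timedelta(0) <= delta <= window
            findings.append({"user": m["user"], "command": m["cmd"].strip(),
                             "key_auth_ok": key_ok})
    return findings


if __name__ == "__main__":
    for f in classify(SAMPLE_LOG):
        print(f)
```

A record with `key_auth_ok` set to true means the PAM module accepted the key and the denial came from the sudoers check, which is a separate step from the `auth` line in /etc/pam.d/sudo.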


