Re: Difficulties setting up pam_ssh_agent_auth
On 4/8/2020 9:20 AM, Rory Campbell-Lange wrote:
> I'm having trouble setting up pam_ssh_agent_auth.so, which allows users
> with authenticated public keys to sudo.
>
> cat /etc/pam.d/sudo
> auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
> @include common-auth
> @include common-account
> @include common-session-noninteractive
>
> /var/log/auth/log
> Apr 8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: matching key found: file/command /etc/security/authorized_keys, line 7
> Apr 8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Found matching RSA key: a5:36:xx:f5:xx:9f:xx:20:6a:d9:87:98:4a:4b:10:6a
> Apr 8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Authenticated: `it' as `it' using /etc/security/authorized_keys
> Apr 8 06:53:54 localhost sudo: it : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/it ; USER=root ; COMMAND=/usr/bin/ls
>
> user:
> it@localhost:~$ sudo ls
> it is not in the sudoers file. This incident will be reported.
>
Is the user in question in the sudoers file?
Try the following line in /etc/sudoers.d/ssh
user ALL=(ALL) ALL
Where 'user' is the name of the SSH user.
If it works, you should restrict the above line.
--
John Doe
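
Added example, not part of either message in this thread: the quoted log shows pam_ssh_agent_auth accepting the key and sudo then refusing the command, because PAM authentication and the sudoers authorization check are separate steps. This Python sketch correlates the two kinds of log line; the `ops` and `guest` entries and the name `triage` are constructed for illustration.

```python
import re

# Constructed sample modelled on the auth log excerpt quoted in the thread;
# the "ops" and "guest" entries are invented for contrast.
SAMPLE_LOG = """\
Apr 8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Authenticated: `it' as `it' using /etc/security/authorized_keys
Apr 8 06:53:54 localhost sudo: it : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/it ; USER=root ; COMMAND=/usr/bin/ls
Apr 8 07:10:02 localhost sudo[24011]: pam_ssh_agent_auth: Authenticated: `ops' as `ops' using /etc/security/authorized_keys
Apr 8 07:10:02 localhost sudo: ops : TTY=pts/2 ; PWD=/home/ops ; USER=root ; COMMAND=/usr/bin/ls
Apr 8 07:15:40 localhost sudo: guest : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/guest ; USER=root ; COMMAND=/usr/bin/id
"""

# Assumption: the first quoted name in the "Authenticated" line is the invoking user.
AGENT_OK = re.compile(r"pam_ssh_agent_auth: Authenticated: `([^']+)' as `[^']+'")
SUDO_LINE = re.compile(r"sudo(?:\[\d+\])?:\s+(\S+) : (.*)$")


def triage(log_text):
    """Return (user, command, verdict) for every sudoers denial in log_text."""
    pending = set()  # users whose agent key was accepted, sudo outcome not yet seen
    findings = []
    for line in log_text.splitlines():
        m = AGENT_OK.search(line)
        if m:
            pending.add(m.group(1))
            continue
        m = SUDO_LINE.search(line)
        if not m:
            continue
        user, rest = m.groups()
        key_accepted = user in pending
        pending.discard(user)  # one sudo outcome consumes one authentication
        if not rest.startswith("user NOT in sudoers"):
            continue  # sudo ran the command; nothing to report
        cmd = rest.rsplit("COMMAND=", 1)[-1].strip()
        verdict = ("key accepted by PAM, no sudoers rule" if key_accepted
                   else "no sudoers rule, no agent authentication seen")
        findings.append((user, cmd, verdict))
    return findings


if __name__ == "__main__":
    for user, cmd, verdict in triage(SAMPLE_LOG):
        print(f"{user}: {cmd}: {verdict}")
```

A "key accepted by PAM, no sudoers rule" verdict means the PAM stack is working and only a sudoers entry for that user is missing.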