
Re: Difficulties setting up pam_ssh_agent_auth



On 4/8/2020 9:20 AM, Rory Campbell-Lange wrote:
> I'm having trouble setting up pam_ssh_agent_auth.so, which allows users
> with authenticated public keys to sudo.
>
> cat /etc/pam.d/sudo
>     auth     sufficient    pam_ssh_agent_auth.so file=/etc/security/authorized_keys
>     @include common-auth
>     @include common-account
>     @include common-session-noninteractive
>
> /var/log/auth/log
>     Apr  8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: matching key found: file/command /etc/security/authorized_keys, line 7
>     Apr  8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Found matching RSA key: a5:36:xx:f5:xx:9f:xx:20:6a:d9:87:98:4a:4b:10:6a
>     Apr  8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Authenticated: `it' as `it' using /etc/security/authorized_keys
>     Apr  8 06:53:54 localhost sudo:       it : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/it ; USER=root ; COMMAND=/usr/bin/ls
>
> user:
>     it@localhost:~$ sudo ls
>     it is not in the sudoers file.  This incident will be reported.
>

Is the user in question in the sudoers file?

Try the following line in /etc/sudoers.d/ssh
user ALL=(ALL) ALL


Where 'user' is the name of the SSH user.

If it works, you should restrict the above line.

--
John Doe
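
An added example, not part of the original message: a small Python check, run over the log lines quoted above, that separates the PAM key-authentication result from sudo's own sudoers decision. The function name `diagnose` and the verdict strings are assumptions made for this illustration.

```python
import re

# Log lines copied from the quoted message above (fingerprint line left out).
SAMPLE_LOG = """\
Apr  8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: matching key found: file/command /etc/security/authorized_keys, line 7
Apr  8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Authenticated: `it' as `it' using /etc/security/authorized_keys
Apr  8 06:53:54 localhost sudo:       it : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/it ; USER=root ; COMMAND=/usr/bin/ls
"""

# PAM stage: pam_ssh_agent_auth accepted a key offered by the agent.
AUTH_OK = re.compile(r"pam_ssh_agent_auth: Authenticated: `[^']+' as `(?P<user>[^']+)'")
# Policy stage: sudo's own record; a denial reason precedes the TTY= field.
SUDO_EVT = re.compile(r"sudo:\s+(?P<user>\S+) : (?P<first>[^;]+?) ;.*COMMAND=(?P<cmd>.*)$")


def diagnose(log_text):
    """Return one (user, verdict, command) tuple per sudo policy record."""
    key_accepted = set()  # users with a successful key auth awaiting a policy record
    results = []
    for line in log_text.splitlines():
        m = AUTH_OK.search(line)
        if m:
            key_accepted.add(m.group("user"))
            continue
        m = SUDO_EVT.search(line)
        if not m:
            continue
        user, first, cmd = m.group("user"), m.group("first").strip(), m.group("cmd")
        had_key = user in key_accepted
        key_accepted.discard(user)  # one auth result pairs with one policy record
        if first.startswith("TTY="):
            verdict = "allowed"
        elif first == "user NOT in sudoers":
            verdict = ("authorization failure after key auth" if had_key
                       else "authorization failure")
        elif "incorrect password attempt" in first:
            verdict = "authentication failure"
        else:
            verdict = "other: " + first
        results.append((user, verdict, cmd))
    return results


if __name__ == "__main__":
    for row in diagnose(SAMPLE_LOG):
        print(row)
```

The policy record on this page carries no PID, so the pairing is done by user name rather than by process.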

