pam_ssh_agent_auth not working

Posted: 2019/10/19 03:21:09
by pclaudio
Hello everyone,

I'm trying to set up pam_ssh_agent_auth to take advantage of sudo's authentication via ssh-agent. It was supposed to be a simple configuration, something that I already do on my Ubuntu servers, but it became a nightmare.

I installed CentOS 8-1905 (minimal installation) and the pam_ssh_agent_auth package. I can connect via ssh with my key pair and I can also check that my ssh-agent is listening at SSH_AUTH_SOCK. I followed this guide https://www.unix.com/man-page/centos/8/ ... gent_auth/ (it is exactly what I do on my Ubuntu servers) but I can't figure out why it's not working.

Does anybody know what I'm doing wrong?

I'll appreciate any help in advance.

Re: pam_ssh_agent_auth not working

Posted: 2019/10/21 09:08:42
by gostal
I guess you have already verified that there is no change between the man pages for CentOS 7, which is what the link points to, and CentOS 8, which is what you are running.

Also, "not working" is kind of vague. What is the precise error message? I'm not sure that I can help you out even if I know the exact error message but perhaps somebody else can.

Cheers,
gostal

Re: pam_ssh_agent_auth not working

Posted: 2019/10/21 20:51:14
by jlehtone
What are the error/informational messages in logs?
File permissions, selinux?

Re: pam_ssh_agent_auth not working

Posted: 2019/10/22 08:11:37
by gostal
There's no indication at all then on the command line? It just says "Access denied." or something like that?

PAM configuration is tricky. It is essential that all lines in the relevant configuration files are in the correct order, so make sure the order of the lines conforms to what you have on your Ubuntu servers as far as possible. Try to figure out the exact process on your working Ubuntu server. Then perhaps you can use that to trace what's going on in the CentOS server.

Cheers,
gostal
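
An added example, not part of the thread or of any poster's configuration: a shell check for the ordering point above, reporting whether the `pam_ssh_agent_auth.so` line is the first `auth` entry in a PAM service file. The function name, the temporary file names and the two sample stacks are constructed for illustration; the module line uses the form shown in the module's man page.

```shell
#!/bin/sh
# Exit status: 0 = pam_ssh_agent_auth.so is the first auth entry,
#              1 = present, but another auth entry is evaluated before it,
#              2 = no auth entry loads pam_ssh_agent_auth.so.
pam_agent_auth_order() {
    awk '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        { type = $1; sub(/^-/, "", type) }   # a leading "-" only silences missing-module logging
        type != "auth" { next }              # account/password/session lines are irrelevant here
        {
            n++
            if ($0 ~ /pam_ssh_agent_auth\.so/) { if (!pos) pos = n }
            else if (!first_other) { first_other = n; other = $0 }
        }
        END {
            if (!pos) { print "missing: no auth line loads pam_ssh_agent_auth.so"; exit 2 }
            if (first_other && first_other < pos) {
                print "late: evaluated after: " other; exit 1
            }
            print "ok: pam_ssh_agent_auth.so is the first auth entry"; exit 0
        }
    ' "$1"
}

# Constructed sample stacks (not copied from a real system).
demo_dir=$(mktemp -d)
printf '%s\n' '#%PAM-1.0' \
    'auth  sufficient  pam_ssh_agent_auth.so file=~/.ssh/authorized_keys' \
    'auth  include     system-auth' > "$demo_dir/sudo.good"
printf '%s\n' '#%PAM-1.0' \
    'auth  include     system-auth' \
    'auth  sufficient  pam_ssh_agent_auth.so file=~/.ssh/authorized_keys' > "$demo_dir/sudo.late"

for f in "$demo_dir"/sudo.*; do
    printf '%s: ' "${f##*/}"
    pam_agent_auth_order "$f" || :   # report only; do not abort on a non-zero status
done
```

On a real host the argument would be the service file being debugged, for example `/etc/pam.d/sudo`.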

Re: pam_ssh_agent_auth not working

Posted: 2019/10/31 14:01:17
by jpawlik
gostal wrote:
2019/10/22 08:11:37
There's no indication at all then on the command line? It just says "Access denied." or something like that?

After an attempted login, check the output of the following:

tail -n 20 /var/log/secure

journalctl -xe

These should give you some information as to what is going on in the background.

Best,

JP

Re: pam_ssh_agent_auth not working

Posted: 2019/11/04 07:52:44
by jlehtone
pclaudio wrote:
2019/10/19 03:21:09
Does anybody know what I'm doing wrong?

We need more information from you.


For the record, I followed those same instructions and can now sudo with agent authentication.