pam_ssh_agent_auth not working

Support for security such as Firewalls and securing linux
Post Reply
pclaudio
Posts: 1
Joined: 2019/10/19 02:53:43

pam_ssh_agent_auth not working

Post by pclaudio » 2019/10/19 03:21:09

Hello everyone,

I'm trying to set up pam_ssh_agent_auth to take advantage of sudo's authentication via ssh-agent. It was supposed to be a simple configuration, something that I already do in my ubuntu servers, but it became a nightmare.

I installed CentOS 8-1905 (minimal installation) and pam_ssh_agent_auth package. I can connect via ssh with my keys pair and I can also check that my ssh-agent is listening at SSH_AUTH_SOCK. I followed this guide https://www.unix.com/man-page/centos/8/ ... gent_auth/ (is exaclly what I do in my ubuntu servers) but I can't figure out why it's not working.

Does anybody know what I'm doing wrong?

I'll appreciate any help in advance.

gostal
Posts: 71
Joined: 2019/09/23 15:26:45

Re: pam_ssh_agent_auth not working

Post by gostal » 2019/10/21 09:08:42

I guess you have already verified that there is no change between the man-pages for centos 7, which is what the link points to, and centos 8, which is what you are running.

Also, "not working" is kind of vague. What is the precise error message? I'm not sure that I can help you out even if I know the exact error message but perhaps somebody else can.

Cheers,
gostal
Desktop Dell T5810 Intel(R) Xeon(R) CPU E5-1650 v4 @ 3.60GHz, 72 GB RAM, Radeon Pro WX 7100
CentOS 7.9.2009

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: pam_ssh_agent_auth not working

Post by jlehtone » 2019/10/21 20:51:14

What are the error/informational messages in logs?
File permissions, selinux?

gostal
Posts: 71
Joined: 2019/09/23 15:26:45

Re: pam_ssh_agent_auth not working

Post by gostal » 2019/10/22 08:11:37

There's no indication at all then on the command line? It just says "Access denied." or something like that?

PAM configuration is tricky. It essential that all lines in relevant configuration files are in the correct order so make sure the order of the lines conform to what you have on your Ubuntu servers as far as it is possible. Try to figure out the exact process on your working Ubuntu server. Then perhaps you can use that to trace what's going on in the CentOS server.

Cheers,
gostal
Desktop Dell T5810 Intel(R) Xeon(R) CPU E5-1650 v4 @ 3.60GHz, 72 GB RAM, Radeon Pro WX 7100
CentOS 7.9.2009

User avatar
jpawlik
Posts: 7
Joined: 2019/09/19 21:36:27

Re: pam_ssh_agent_auth not working

Post by jpawlik » 2019/10/31 14:01:17

gostal wrote:
2019/10/22 08:11:37
There's no indication at all then on the command line? It just says "Access denied." or something like that?
After an attempted login, check the output of the following:

tail -n 20 /var/log/secure

journalctl -xe

These should give you some information as to what is going on in the background.

Best,

JP

User avatar
jlehtone
Posts: 4523
Joined: 2007/12/11 08:17:33
Location: Finland

Re: pam_ssh_agent_auth not working

Post by jlehtone » 2019/11/04 07:52:44

pclaudio wrote:
2019/10/19 03:21:09
Does anybody know what I'm doing wrong?
We need more information from you.


For the record, I followed those same instructions and can now sudo with agent authentication.

Post Reply