Bug#827949: libpam-ssh does not launch an ssh-agent

Jerome BENOIT Thu, 23 Jun 2016 17:21:35 -0700

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hello.


On 23/06/16 15:19, Giuseppe Bilotta wrote:
> Hello again,>> Is there anything I can do to debug the issue and
> provide more information?
>>
>> Can you check that your current set is conform to pam_ssh(8) ?
> 
> I have not altered the pam configuration myself until now, so the
> configuration is the one enabled by the package directly. greppng for
> ssh gives:
> 
> /etc/pam.d/common-auth:auth optional pam_ssh.so use_first_pass debug
> /etc/pam.d/common-session:session optional pam_ssh.so debug
> 
> (the debug lines are what I added as per your suggestion).
> 
> I also don't have any ~/.ssh/login-keys.d/ or ~/.ssh/session-keys.d/,
> 
>> If yes, please try the debug option (see pam_ssh(8)) to figure out what is 
>> going wrong;
>> the log files are welcome.
> 
> Here's a snippet from /var/log/auth.log, which seems to be the only
> log with relevant information
> 
> Jun 23 15:58:34 user pam_ssh[1418]: open session
> Jun 23 15:58:42 user pam_ssh[1869]: init authentication module
> Jun 23 15:58:42 user pam_ssh[1869]: No SSH login-keys directory.
> Jun 23 15:58:42 user pam_ssh[1869]: Grabbing password from preceding
> auth module.
> Jun 23 15:58:42 user pam_ssh[1869]: Using previous password for SSH keys.
> Jun 23 15:58:42 user pam_ssh[1869]: Looking for SSH keys in
> '/home/user/.ssh/session-keys.d'.
> Jun 23 15:58:42 user pam_ssh[1869]: No SSH session-keys directory.
> Jun 23 15:58:42 user pam_ssh[1869]: Looking for SSH keys in '/home/user/.ssh'.
> Jun 23 15:58:42 user pam_ssh[1869]: SSH key candidate 'id_ed25519'.
> Jun 23 15:58:42 user pam_ssh[1869]: debug1: key_load_private: No such
> file or directory
> Jun 23 15:58:42 user pam_ssh[1869]: SSH key candidate 'id_ed25519' failed.
> Jun 23 15:58:42 user pam_ssh[1869]: SSH key candidate 'id_ecdsa'.
> Jun 23 15:58:42 user pam_ssh[1869]: debug1: key_load_private: No such
> file or directory
> Jun 23 15:58:42 user pam_ssh[1869]: SSH key candidate 'id_ecdsa' failed.
> Jun 23 15:58:42 user pam_ssh[1869]: SSH key candidate 'id_dsa'.
> Jun 23 15:58:42 user pam_ssh[1869]: debug1: key_load_private: No such
> file or directory
> Jun 23 15:58:42 user pam_ssh[1869]: SSH key candidate 'id_dsa' failed.
> Jun 23 15:58:42 user pam_ssh[1869]: SSH key candidate 'id_rsa'.
> Jun 23 15:58:42 user pam_ssh[1869]: SSH key 'id_rsa' decrypted.
> Jun 23 15:58:42 user pam_ssh[1869]: SSH key candidate 'identity'.
> Jun 23 15:58:42 user pam_ssh[1869]: debug1: key_load_private: No such
> file or directory
> Jun 23 15:58:42 user pam_ssh[1869]: SSH key candidate 'identity' failed.
> Jun 23 16:00:47 user pam_ssh[1418]: close session
> Jun 23 16:00:56 user pam_ssh[2231]: init authentication module
> Jun 23 16:00:56 user pam_ssh[2231]: No SSH login-keys directory.
> Jun 23 16:00:56 user pam_ssh[2231]: Grabbing password from preceding
> auth module.
> Jun 23 16:00:56 user pam_ssh[2231]: Using previous password for SSH keys.
> Jun 23 16:00:56 user pam_ssh[2231]: Looking for SSH keys in
> '/home/user/.ssh/session-keys.d'.
> Jun 23 16:00:56 user pam_ssh[2231]: No SSH session-keys directory.
> Jun 23 16:00:56 user pam_ssh[2231]: Looking for SSH keys in '/home/user/.ssh'.
> Jun 23 16:00:56 user pam_ssh[2231]: SSH key candidate 'id_ed25519'.
> Jun 23 16:00:56 user pam_ssh[2231]: debug1: key_load_private: No such
> file or directory
> Jun 23 16:00:56 user pam_ssh[2231]: SSH key candidate 'id_ed25519' failed.
> Jun 23 16:00:56 user pam_ssh[2231]: SSH key candidate 'id_ecdsa'.
> Jun 23 16:00:56 user pam_ssh[2231]: debug1: key_load_private: No such
> file or directory
> Jun 23 16:00:56 user pam_ssh[2231]: SSH key candidate 'id_ecdsa' failed.
> Jun 23 16:00:56 user pam_ssh[2231]: SSH key candidate 'id_dsa'.
> Jun 23 16:00:56 user pam_ssh[2231]: debug1: key_load_private: No such
> file or directory
> Jun 23 16:00:56 user pam_ssh[2231]: SSH key candidate 'id_dsa' failed.
> Jun 23 16:00:56 user pam_ssh[2231]: SSH key candidate 'id_rsa'.
> Jun 23 16:00:56 user pam_ssh[2231]: SSH key 'id_rsa' decrypted.
> Jun 23 16:00:56 user pam_ssh[2231]: SSH key candidate 'identity'.
> Jun 23 16:00:56 user pam_ssh[2231]: debug1: key_load_private: No such
> file or directory
> Jun 23 16:00:56 user pam_ssh[2231]: SSH key candidate 'identity' failed.
> Jun 23 16:00:56 user pam_ssh[2231]: open session
> Jun 23 16:01:06 user pam_ssh[2285]: init authentication module
> Jun 23 16:01:06 user pam_ssh[2285]: No SSH login-keys directory.
> Jun 23 16:01:06 user pam_ssh[2285]: Grabbing password from preceding
> auth module.
> Jun 23 16:01:06 user pam_ssh[2285]: Using previous password for SSH keys.
> Jun 23 16:01:06 user pam_ssh[2285]: Looking for SSH keys in
> '/home/user/.ssh/session-keys.d'.
> Jun 23 16:01:06 user pam_ssh[2285]: No SSH session-keys directory.
> Jun 23 16:01:06 user pam_ssh[2285]: Looking for SSH keys in '/home/user/.ssh'.
> Jun 23 16:01:06 user pam_ssh[2285]: SSH key candidate 'id_ed25519'.
> Jun 23 16:01:06 user pam_ssh[2285]: debug1: key_load_private: No such
> file or directory
> Jun 23 16:01:06 user pam_ssh[2285]: SSH key candidate 'id_ed25519' failed.
> Jun 23 16:01:06 user pam_ssh[2285]: SSH key candidate 'id_ecdsa'.
> Jun 23 16:01:06 user pam_ssh[2285]: debug1: key_load_private: No such
> file or directory
> Jun 23 16:01:06 user pam_ssh[2285]: SSH key candidate 'id_ecdsa' failed.
> Jun 23 16:01:06 user pam_ssh[2285]: SSH key candidate 'id_dsa'.
> Jun 23 16:01:06 user pam_ssh[2285]: debug1: key_load_private: No such
> file or directory
> Jun 23 16:01:06 user pam_ssh[2285]: SSH key candidate 'id_dsa' failed.
> Jun 23 16:01:06 user pam_ssh[2285]: SSH key candidate 'id_rsa'.
> Jun 23 16:01:06 user pam_ssh[2285]: SSH key 'id_rsa' decrypted.
> Jun 23 16:01:06 user pam_ssh[2285]: SSH key candidate 'identity'.
> Jun 23 16:01:06 user pam_ssh[2285]: debug1: key_load_private: No such
> file or directory
> Jun 23 16:01:06 user pam_ssh[2285]: SSH key candidate 'identity' failed.
> Jun 23 16:02:01 user pam_ssh[2355]: open session
> Jun 23 16:02:01 user pam_ssh[2355]: inexistent configuration directory
> Jun 23 16:08:29 user pam_ssh[2606]: init authentication module
> Jun 23 16:08:29 user pam_ssh[2606]: No SSH login-keys directory.
> Jun 23 16:08:29 user pam_ssh[2606]: Grabbing password from preceding
> auth module.
> Jun 23 16:08:29 user pam_ssh[2606]: Using previous password for SSH keys.
> Jun 23 16:08:29 user pam_ssh[2606]: Looking for SSH keys in
> '/home/user/.ssh/session-keys.d'.
> Jun 23 16:08:29 user pam_ssh[2606]: No SSH session-keys directory.
> Jun 23 16:08:29 user pam_ssh[2606]: Looking for SSH keys in '/home/user/.ssh'.
> Jun 23 16:08:29 user pam_ssh[2606]: SSH key candidate 'id_ed25519'.
> Jun 23 16:08:29 user pam_ssh[2606]: debug1: key_load_private: No such
> file or directory
> Jun 23 16:08:29 user pam_ssh[2606]: SSH key candidate 'id_ed25519' failed.
> Jun 23 16:08:29 user pam_ssh[2606]: SSH key candidate 'id_ecdsa'.
> Jun 23 16:08:29 user pam_ssh[2606]: debug1: key_load_private: No such
> file or directory
> Jun 23 16:08:29 user pam_ssh[2606]: SSH key candidate 'id_ecdsa' failed.
> Jun 23 16:08:29 user pam_ssh[2606]: SSH key candidate 'id_dsa'.
> Jun 23 16:08:29 user pam_ssh[2606]: debug1: key_load_private: No such
> file or directory
> Jun 23 16:08:29 user pam_ssh[2606]: SSH key candidate 'id_dsa' failed.
> Jun 23 16:08:29 user pam_ssh[2606]: SSH key candidate 'id_rsa'.
> Jun 23 16:08:29 user pam_ssh[2606]: SSH key 'id_rsa' decrypted.
> Jun 23 16:08:29 user pam_ssh[2606]: SSH key candidate 'identity'.
> Jun 23 16:08:29 user pam_ssh[2606]: debug1: key_load_private: No such
> file or directory
> Jun 23 16:08:29 user pam_ssh[2606]: SSH key candidate 'identity' failed.
> 
> (that's a few attempts at logging in, checking if the agent was
> running, logging ou trying again).
> 


My understanding is that you have only one key, the traditional rsa key.

I have tried to reproduce your issue with a fake user on my box: it works here.
Have you tried to start an ssh-agent by hand ?
What is the version of your ssh ? (I am asking because my box is merely a Jessie
with some Stretch stuff.)
Can you show your /etc/pam.d/common-session and /etc/pam.d/common-auth and 
/etc/pam.d/login
configuration files ?

Looking forward,
Jerome

- -- 
Jerome BENOIT | calculus+at-rezozer^dot*net
https://qa.debian.org/developer.php?login=calcu...@rezozer.net
AE28 AE15 710D FF1D 87E5  A762 3F92 19A6 7F36 C68B
-----BEGIN PGP SIGNATURE-----

iQQcBAEBCgAGBQJXbHvdAAoJED+SGaZ/NsaLsYkf/1OOsrUEpCmkTO85TdvK2uwk
QNYg9IjqOJD7aQjvGZD2tjqeQe8ct8LX7VwpAJn7wvKsLTlgKRU6n1Kq4HX/ARR7
tE4pF2GM3xlCXhzGO1qp/Vh2/p3fimMtEztm/BKDqluMiUC4zxBbgNYHtPd471+V
LayC/0sELjV4NVYyVAeVF74yUhn3a0dX0Wg/MvSYlIUuc3YuIPfIbTM0B033eP4x
5JDtU5sMjc46qWIHQtNbP8rTsbhw7vuFCvDcppvS2xhQ0KJaJY8+qY6BLYD5J1IZ
AhYai1RIIwV3ylZikvK3rWYzsnBRm1O+TvByWSCZieNyIkJjjpsYAAvQrrQuOHZV
vDcjbJ0j8vOFTQyLc6HaniNRQU7zFtECC0vmUGZ45vLs2xXJw4L8exjGTFhQWoc8
7Eg0Y33v3CDxEdrPwSm4zDe0sXmQSSosCq3bCh/UbAGIuOW/0Vo7b7w+jlBYXIvq
H2HLygv7ymr8pcsqGxvXFs9wAUb+23Py+v7GU02KsjkTgRZSgDi2i/Z69nReDW9K
ctqsvZKYtsfV4nTksy96Itru8WppI0ZJXtmedwEnS6pWwYv8Z/XUVCERJkQIJKkr
V54NQvNbS/XFJ9tOd/9T785ffkkEk4iiFUKjqTaBw0EsGpzhRTlsyHCzFhf8IoHA
yVTjgWMNOWYBwAEMJFC167PxY21zHHaLzI9EabD2q7Ljlr5fybc4oWsHDlCGIJsW
1iEDzijOGmxuQXqqaiKSo+k6spqaUgLbDu7FhCBbnds9Dw08C5N3mK8wA7kxK5r7
ytnsiQltY8H5sXz/bmSq5KY/u3jXc8Lfc6X1SKS7zPP7gxSPNa0B+wY1S2m+Dwb7
PtOKW2hfBJkDRjPAbN/wc6dTMnJzFBLTbwLL/lMCFfAimhH+vl3aD05idt2Ei35B
qC4eSQJpMrgp8+AMP2Ts3O/ERutOaRGKLPbsZrkAD/T6+AKou1VGQ+HAq5vpDFbV
Nl2Hq80gbRiEp2wH4YyeJoKpZblXSmPZeoW0Rz05+LTBU9l6q1CJrTHlllmj0W7S
X3H9QmS/Bcrzx/PlkWv+yEk43SIaDcQGjnjS3hc8+OufCHl8wT2v+mO0fJjdbmiz
zl0eVNzRCA5j7/iC6uq96McKFBWi2tUDlY9nL8QheTW5wHj0Tb6SaprQ1N/gH+iy
FtaNWR32TdU0ABL5KIZnUexmb3GOpEYXD8vq03tT5XXYEJUexi9Vzl/P/L5FnxK5
uyvz7ZTpmAiFyIi/nEEQT6bazCHuV0GJtNzrtOx0mJu9mGkwwp16EaA0qqVE6Ieg
erlk3/PTXQFLPM8vlJ4cTrRU1zcQjE6X8OZ4adCGRoiVrc1/svBjoumjEzw9jgI=
=iKUc
-----END PGP SIGNATURE-----

Bug#827949: libpam-ssh does not launch an ssh-agent

Reply via email to