I'm having trouble setting up pam_ssh_agent_auth.so, which allows users
with authenticated public keys to sudo.
cat /etc/pam.d/sudo
auth sufficient pam_ssh_agent_auth.so
file=/etc/security/authorized_keys
@include common-auth
@include common-account
@include common-session-noninteractive
/var/log/auth/log
Apr 8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: matching key
found: file/command /etc/security/authorized_keys, line 7
Apr 8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Found matching
RSA key: a5:36:xx:f5:xx:9f:xx:20:6a:d9:87:98:4a:4b:10:6a
Apr 8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Authenticated:
`it' as `it' using /etc/security/authorized_keys
Apr 8 06:53:54 localhost sudo: it : user NOT in sudoers ; TTY=pts/1
; PWD=/home/it ; USER=root ; COMMAND=/usr/bin/ls
user:
it@localhost:~$ sudo ls
it is not in the sudoers file. This incident will be reported.
It looks like the pam configuration is incorrect, although I'm using the
configuration recommended in the README.
Changing the auth line in /etc/pam.d/sudo to
auth [success=3 default=ignore] pam_ssh_agent_auth.so
file=/etc/security/authorized_keys
Has this effect:
it@localhost:~$ sudo ls
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts
Assistance gratefully received
Rory
