[Bug 664941] New: pam_ssh does not add the key to ssh-agent
https://bugzilla.novell.com/show_bug.cgi?id=664941 https://bugzilla.novell.com/show_bug.cgi?id=664941#c0 Summary: pam_ssh does not add the key to ssh-agent Classification: openSUSE Product: openSUSE 11.4 Version: Factory Platform: x86-64 OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security AssignedTo: security-team@suse.de ReportedBy: mike@mk-sys.cz QAContact: qa@suse.de Found By: --- Blocker: --- Created an attachment (id=408615) --> (http://bugzilla.novell.com/attachment.cgi?id=408615) My /etc/pam.d/xdm User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:2.0b10pre) Gecko/20110117 Firefox/4.0b10pre When logging to KDE (or IceWM), pam_ssh.so recognizes passphrase for an SSH key but then does not add the key to ssh-agent. Reproducible: Always Steps to Reproduce: 1. Create a pair of personal keys for SSH. 2. Add lines for pam_ssh.so to /etc/pam.d/xdm (see attachment) 3. Log in using key passphrase 4. Try 'ssh-add -l' Actual Results: The agent has no identities. Expected Results: 1024 d7:68:02:fa:f2:44:7f:32:30:86:18:01:fb:99:7d:20 /home/mike/.ssh/id_dsa (DSA) Package version: pam_ssh-1.97-9.5.x86_64 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c1
Sebastian Krahmer
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c
Vitezslav Cizek
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c2
--- Comment #2 from Vitezslav Cizek
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c3
--- Comment #3 from Michal Kubeček
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c4
Vitezslav Cizek
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c
Stefan Dirsch
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c5
Stefan Dirsch
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c6
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c7
--- Comment #7 from Vitezslav Cizek
ps aux | grep ssh-agent cizek 930 0.0 0.0 36412 888 ? Ss Mar01 0:00 ssh-agent -s
checkproc -vp 930 /usr/bin/ssh-agent 930 echo $? 0
checkproc -kvp 930 /usr/bin/ssh-agent echo $? 7
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c8
--- Comment #8 from Michal Kubeček
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c9
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c10
--- Comment #10 from Michal Kubeček
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c11
--- Comment #11 from Dr. Werner Fink
Anyway, I still think that the main problem here is what I mentioned in comment #8: checkproc ignores numeric parameter of -p if -k is given so that it tries to go through all processes (which is in fact against the sense of -k option).
And `m pretty sure that this wrong. Just fixed the permission handling for the users own processes, that is if a user owns a process and the exe links is not readable, the checkproc switch over to the plain string compare. Build is running for 11.4-x86_64 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c12
--- Comment #12 from Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c
Stefan Dirsch
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c13
--- Comment #13 from Michal Kubeček
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c
Michal Kubeček
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c14
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c15
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c16
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c17
Marcus Meissner
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c18
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c19
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c20
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=664941
https://bugzilla.novell.com/show_bug.cgi?id=664941#c
Swamp Workflow Management
participants (1)
-
bugzilla_noreply@novell.com