Bug 687188

Summary: sys-auth/pam_ssh-2.3: Breaks user login with SSH key
Product: Gentoo Linux Reporter: Martin Samek <mr>
Component: Current packages Assignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED NEEDINFO    
Severity: normal CC: jstein
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Martin Samek 2019-06-02 10:28:36 UTC
The upgrade of the pam_ssh package from version 1.98 to 2.3 breaks user login to the system with the SSH key. Also, sudo is broken. There is a noticeable difference in the password prompt. It says "Password:" for version 1.98 and "SSH passphrase" for version 2.3.

The journal shows my key is successfully decrypted:

čen 02 12:24:26 vertigo pam_ssh[3180]: SSH key candidate 'id_rsa'.
čen 02 12:24:26 vertigo pam_ssh[3180]: SSH key 'id_rsa' decrypted. 

My system-auth is the following:

auth            required        pam_env.so
auth            sufficient      pam_ssh.so debug
auth            sufficient      pam_unix.so try_first_pass likeauth nullok 
auth            required        pam_deny.so
 
account         required        pam_unix.so 
account         optional        pam_deny.so
 
password        required        pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 
password        sufficient      pam_unix.so try_first_pass use_authtok nullok sha512 shadow 
password        optional        pam_permit.so
 
session         optional        pam_ssh.so debug
session         required        pam_limits.so 
session         required        pam_env.so 
session         required        pam_unix.so 
session         optional        pam_permit.so
-session        optional        pam_systemd.so

Any idea what's wrong? Downgrading to version 1.98 is a workaround.

Comment 1 Jonas Stein gentoo-dev 2019-06-02 12:04:24 UTC
It is sad to read that you have problems with the software. The situation seems to be a bit more complicated and requires some analysis.
We cannot help you efficiently via the bug tracker. The bug tracker aims rather at specific problems in .ebuilds and less at individual systems.

I have had very good experience on the Gentoo IRC [1] with questions like this. Of course there are also forums and mailing lists [2,3].
I hope you understand that I will therefore close the bug here, and I wish you good luck on one of the mentioned channels [4].
Please reopen the ticket in order to provide an indication of a specific error in an ebuild or any Gentoo-related product.

[1] https://www.gentoo.org/get-involved/irc-channels/
[2] https://forums.gentoo.org/
[3] https://www.gentoo.org/get-involved/mailing-lists/all-lists.html
[4] https://www.gentoo.org/support/