| Summary: | sys-auth/pam_ssh-2.3: fatal: key_load_private: memory allocation failed | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Jan Essert <netz> |
| Component: | Current packages | Assignee: | No maintainer - Look at https://wiki.gentoo.org/wiki/Project:Proxy_Maintainers if you want to take care of it <maintainer-needed> |
| Status: | RESOLVED PKGREMOVED | ||
| Severity: | normal | CC: | chrylis, flow, jasmin+gentoo, treecleaner |
| Priority: | Normal | Keywords: | PMASKED |
| Version: | unspecified | ||
| Hardware: | AMD64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Bug Depends on: | |||
| Bug Blocks: | 797325 | ||
I can't find anyone else still packaging this, although FreeBSD has it in base. Someone could compare our one vs https://github.com/freebsd/freebsd-src/blob/d643925a79caab5c6de62b066e374935b60bcaf1/lib/libpam/modules/pam_ssh/pam_ssh.c, I suppose. hm, opensuse has it still but no patches... Could you humour me and try CFLAGS="-O2 -fno-strict-aliasing" emerge -v1 pam_ssh and tell me if it helps? debian still ship it too, with these patches: https://sources.debian.org/src/libpam-ssh/2.3%2Bds-6/debian/patches/. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=bd4987694728ce81e8f05197ee1688ff1fdfff1d commit bd4987694728ce81e8f05197ee1688ff1fdfff1d Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2024-03-26 14:02:16 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2024-03-26 14:03:58 +0000 package.mask: Last rite sys-auth/pam_ssh Bug: https://bugs.gentoo.org/892031 Signed-off-by: Michał Górny <mgorny@gentoo.org> profiles/base/package.use.mask | 4 ++++ profiles/package.mask | 5 +++++ 2 files changed, 9 insertions(+) Removing. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b09685143c47821d891ed166e6c96df17d4256c5 commit b09685143c47821d891ed166e6c96df17d4256c5 Author: Michał Górny <mgorny@gentoo.org> AuthorDate: 2024-05-08 09:09:41 +0000 Commit: Michał Górny <mgorny@gentoo.org> CommitDate: 2024-05-08 09:17:28 +0000 sys-auth/pam_ssh: Remove last-rited pkg Bug: https://bugs.gentoo.org/892031 Signed-off-by: Michał Górny <mgorny@gentoo.org> profiles/package.mask | 5 -- sys-auth/pam_ssh/Manifest | 1 - .../pam_ssh/files/pam_ssh-2.1-dot-ssh-check.patch | 22 ------- sys-auth/pam_ssh/files/pam_ssh-gcc10-fix.patch | 11 ---- sys-auth/pam_ssh/files/pam_symbols.ver | 4 -- sys-auth/pam_ssh/metadata.xml | 8 --- sys-auth/pam_ssh/pam_ssh-2.3-r1.ebuild | 75 ---------------------- 7 files changed, 126 deletions(-) This appears to be a major breaking change with virtually no warning or documentation (one month from masking to removal for a longstanding authentication package whose absence will lock users out of their accounts). What's the replacement? (Web search provides no useful results whatsoever.) (In reply to Christopher Smith from comment #8) > What's the replacement? (Web search provides no useful results whatsoever.) I'd say the a common approach these days is a pam module that uses the provided password to unlock the SSH key [1]. Which means that the passphrase for your private SSH key and your Unix password must be identical. For example, by gnome-keyring, provides such a PAM module. 1: Note that this is subtle different from pam_ssh's approach which grants access if the provided password unlocks the private SSH key *while* it also starts an ssh-agent. (In reply to Christopher Smith from comment #8) > This appears to be a major breaking change with virtually no warning or > documentation (one month from masking to removal for a longstanding > authentication package whose absence will lock users out of their accounts). > What's the replacement? (Web search provides no useful results whatsoever.) The bug here suggested it didn't even work at all for the last 2 years. My most recent reinstall of it is timestamped October 30, 2023. (And I have seen the "auto-add" options, but I specifically have kept my SSH key passphrases and my login passwords distinct.) |
When logging into my machine using greetd via tuigreet, the machine hangs after login while still displaying tuigreet. A zombie greetd process hangs around, and I get the following message in the systemd journal: Jan 25 19:06:09 mars pam_ssh[514]: fatal: key_load_private: memory allocation failed Logging in via a regular getty works fine, but I get: Jan 25 19:06:19 mars pam_ssh[586]: /tmp/ssh-XXXXXXZ4PjNr/agent.634: No such file or directory which does not seem to cause any problems. /etc/pam.d/system-auth contains: auth optional pam_ssh.so try_first_pass session optional pam_ssh.so I believe this problem started only after upgrading to dev-libs/openssl-3.0.7-r2 (from 1.1.1s, I believe). Please tell me if I can provide additional information. Reproducible: Always Portage 3.0.44 (python 3.10.9-final-0, default/linux/amd64/17.1/systemd/merged-usr, gcc-12, glibc-2.36-r7, 6.1.7-gentoo x86_64) ================================================================= System uname: Linux-6.1.7-gentoo-x86_64-AMD_Ryzen_5_3600_6-Core_Processor-with-glibc2.36 KiB Mem: 16342436 total, 7386984 free KiB Swap: 16383996 total, 16383996 free Timestamp of repository gentoo: Wed, 25 Jan 2023 18:02:04 +0000 Head commit of repository gentoo: 1e6e80adfe602657152fa598bdda2f033d78296d Timestamp of repository guru: Wed, 25 Jan 2023 11:01:58 +0000 Head commit of repository guru: bda9495f0953a50b2c65de300f3a2660da50332e Timestamp of repository moulay: Fri, 20 Jan 2023 23:17:05 +0000 Head commit of repository moulay: 4ffd3ce724d168885a36ac0d1b817d56e26dda1b Timestamp of repository steam-overlay: Sat, 21 Jan 2023 15:01:56 +0000 Head commit of repository steam-overlay: 681d17f8ed5b7d981b5f1509bdc6f9d74816fe9e sh bash 5.2_p15-r1 ld GNU ld (Gentoo 2.40 p1) 2.40 app-misc/pax-utils: 1.3.6-r1::gentoo app-shells/bash: 5.2_p15-r1::gentoo dev-java/java-config: 2.3.1::gentoo dev-lang/perl: 5.36.0-r2::gentoo dev-lang/python: 3.10.9::gentoo, 3.11.1::gentoo dev-lang/rust: 1.66.1::gentoo dev-util/cmake: 3.25.2::gentoo dev-util/meson: 1.0.0::gentoo sys-apps/baselayout: 2.9::gentoo sys-apps/sandbox: 2.30-r1::gentoo sys-apps/systemd: 252.4-r1::gentoo sys-devel/autoconf: 2.13-r7::gentoo, 2.71-r5::gentoo sys-devel/automake: 1.16.5::gentoo sys-devel/binutils: 2.40::gentoo sys-devel/binutils-config: 5.5::gentoo sys-devel/clang: 15.0.7-r1::gentoo sys-devel/gcc: 12.2.1_p20230121-r1::gentoo sys-devel/gcc-config: 2.10::gentoo sys-devel/libtool: 2.4.7-r1::gentoo sys-devel/lld: 15.0.7::gentoo sys-devel/llvm: 15.0.7::gentoo sys-devel/make: 4.4::gentoo sys-kernel/linux-headers: 6.1::gentoo (virtual/os-headers) sys-libs/glibc: 2.36-r7::gentoo sys-libs/libselinux: 3.4::gentoo Repositories: gentoo location: /var/db/repos/gentoo sync-type: git sync-uri: https://anongit.gentoo.org/git/repo/sync/gentoo.git priority: -1000 volatile: True guru location: /var/db/repos/guru sync-type: git sync-uri: https://github.com/gentoo-mirror/guru.git masters: gentoo volatile: True localrepo location: /usr/local/portage masters: gentoo volatile: True moulay location: /var/db/repos/moulay sync-type: git sync-uri: https://github.com/gentoo-mirror/moulay.git masters: gentoo volatile: True steam-overlay location: /var/db/repos/steam-overlay sync-type: git sync-uri: https://github.com/gentoo-mirror/steam-overlay.git masters: gentoo volatile: True Installed sets: @esteam ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="@FREE AdobeFlash-11.x skype-4.0.0.7-copyright Intel-SDP FraunhoferFDK intel-ucode MBROLA Moria FESTIVAL AVASYS MPEG-4 ValveSteamLicense freedist unRAR vim.org CC-BY-NC-4.0 arj SIFT free-noncomm Turkowski NVIDIA-r1 Snes9x" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-O2 -pipe -march=native -mtune=native -fomit-frame-pointer" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/lib64/libreoffice/program/sofficerc /usr/share/config /usr/share/gnupg/qualified.txt" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/dconf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c" CXXFLAGS="-O2 -pipe -march=native -mtune=native -fomit-frame-pointer" DISTDIR="/var/cache/distfiles" EMERGE_DEFAULT_OPTS="--with-bdeps y --quiet-build y --backtrack=30 --ignore-built-slot-operator-deps=y" ENV_UNSET="CARGO_HOME DBUS_SESSION_BUS_ADDRESS DISPLAY GDK_PIXBUF_MODULE_FILE GOBIN GOPATH PERL5LIB PERL5OPT PERLPREFIX PERL_CORE PERL_MB_OPT PERL_MM_OPT XAUTHORITY XDG_CACHE_HOME XDG_CONFIG_HOME XDG_DATA_HOME XDG_RUNTIME_DIR XDG_STATE_HOME" FCFLAGS="-O2 -pipe -march=native -mtune=native -fomit-frame-pointer" FEATURES="assume-digests binpkg-docompress binpkg-dostrip binpkg-logs binpkg-multi-instance buildpkg-live cgroup compressdebug config-protect-if-modified distlocks ebuild-locks fixlafiles ipc-sandbox merge-sync mount-sandbox multilib-strict network-sandbox news parallel-fetch pid-sandbox preserve-libs protect-owned qa-unresolved-soname-deps sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch userpriv usersandbox usersync xattr" FFLAGS="-O2 -pipe -march=native -mtune=native -fomit-frame-pointer" GENTOO_MIRRORS="http://distfiles.gentoo.org" LANG="de_DE.utf8" LDFLAGS="-Wl,--as-needed" LEX="flex" LINGUAS="de en" MAKEOPTS="-j7" PKGDIR="/var/cache/binpkgs" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --omit-dir-times --compress --force --whole-file --delete --stats --human-readable --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --exclude=/.git" PORTAGE_TMPDIR="/var/tmp" SHELL="/bin/zsh" USE="X a52 aac acl alsa amd64 avahi bluray bs2b bzip2 cairo cli crypt css cups dbus djvu dri dts dvb dvd encode exif ffmpeg flac fortran gdbm gstreamer handbook hbci iconv imap ipod ipv6 jpeg jpeg2k kde kdehiddenvisibility kipi latex libglvnd libtirpc lzma mad matroska metis mp3 mp4 mpeg mtp multilib musepack ncurses nls nptl ogg openexr opengl openmp opus pam pcre pdf pipewire png policykit pop pulseaudio qt5 readline romio sdl seccomp smtp speex spell ssl svg systemd test-rust theora threads truetype udev udisks unicode usb v4l v4l2 vaapi vdpau vim-syntax vorbis vpx vulkan wayland x264 x265 xattr xcb xcomposite xft xkb xvid zeroconf zlib zsh-completion" ABI_X86="64" ADA_TARGET="gnat_2021" APACHE2_MODULES="authn_core authz_core socache_shmcb unixd actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="karbon sheets words" CAMERAS="directory ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" CPU_FLAGS_X86="mmx mmxext sse sse2 aes avx avx2 f16c fma3 pclmul popcnt rdrand sha sse3 sse4_1 sse4_2 sse4a ssse3" ELIBC="glibc" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock greis isync itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf skytraq superstar2 timing tsip tripmate tnt ublox ubx" GRUB_PLATFORMS="efi-64" INPUT_DEVICES="evdev libinput" KERNEL="linux" L10N="de en" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LIBREOFFICE_EXTENSIONS="presenter-console presenter-minimizer" LUA_SINGLE_TARGET="lua5-1" LUA_TARGETS="lua5-1" OFFICE_IMPLEMENTATION="libreoffice" PHP_TARGETS="php7-4 php8-0" POSTGRES_TARGETS="postgres12 postgres13" PYTHON_SINGLE_TARGET="python3_10" PYTHON_TARGETS="python3_10" RUBY_TARGETS="ruby31" SANE_BACKENDS="escl" USERLAND="GNU" VIDEO_CARDS="radeon radeonsi amdgpu" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq proto steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: ADDR2LINE, AR, ARFLAGS, AS, ASFLAGS, CC, CCLD, CONFIG_SHELL, CPP, CPPFLAGS, CTARGET, CXX, CXXFILT, ELFEDIT, EXTRA_ECONF, F77FLAGS, FC, GCOV, GPROF, INSTALL_MASK, LC_ALL, LD, LFLAGS, LIBTOOL, MAKE, MAKEFLAGS, NM, OBJCOPY, OBJDUMP, PORTAGE_BINHOST, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, RANLIB, READELF, RUSTFLAGS, SIZE, STRINGS, STRIP, YACC, YFLAGS