[Bug 1507798] Re: libpam-sshauth dropped support for publickey authentication

Wed Jan 13 01:21:43 UTC 2016

Hm. I think this patch is incorrect:

gcc -DHAVE_CONFIG_H -I. -I..   -D_FORTIFY_SOURCE=2 -fpic -Wall   -g -O2 -fstack-protector-strong -Wformat -Werror=format-security -c -o pam_sshauth_so-auth_funcs.o `test -f 'auth_funcs.c' || echo './'`auth_funcs.c
auth_funcs.c:40:0: warning: "SSH_AUTH_METHOD_PUBLICKEY" redefined
 #define SSH_AUTH_METHOD_PUBLICKEY 3
 ^
In file included from auth_funcs.c:36:0:
pam_sshauth.h:30:0: note: this is the location of the previous definition
 #define SSH_AUTH_METHOD_PUBLICKEY   4
 ^

You're using method as a set of bits, but you're defining
SSH_AUTH_METHOD_PUBLICKEY as 1<<1 | 1<<0 (ie: 2 + 1 = 3).

This means that it'll try public key authentication if both INTERACTIVE
and PASSWORD methods are supported (and, conversely, it'll try PASSWORD
and INTERACTIVE if only PUBLICKEY is supported).

** Changed in: libpam-sshauth (Ubuntu Xenial)
       Status: In Progress => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1507798

Title:
  libpam-sshauth dropped support for publickey authentication

Status in libpam-sshauth package in Ubuntu:
  Incomplete
Status in libpam-sshauth source package in Trusty:
  In Progress
Status in libpam-sshauth source package in Vivid:
  Triaged
Status in libpam-sshauth source package in Wily:
  Triaged
Status in libpam-sshauth source package in Xenial:
  Incomplete
Status in libpam-sshauth package in Debian:
  New

Bug description:
  [Impact]

  libpam-sshauth v0.1-1 (shipped with precise) used to support publickey
  authentication with ssh-agent.

  New version of this lib shipped with trusty and late has dropped this
  feature; which is related to upstream author (ltsp-upstream) switching
  to using libssh2 (was using libssh before).

  [Test Case]

  A patched has been approved/merge upstream:
  https://code.launchpad.net/~benoit-guyard/ltsp/libpam-sshauth/+merge/273930

  [Regression Potential]

  A testfix has been provided, and positive feedbacks from the community
  has been given by the community to confirm the new package work under
  Trusty as expected: https://bugs.launchpad.net/ubuntu/xenial/+source
  /libpam-sshauth/+bug/1507798/comments/4

  [Original Description]
  It as been brought to my attention that libpam-sshauth (version >=0.3-1) have dropped support for publickey authentication.

  $ cat debian/changelog
  ---
  libpam-sshauth (0.3-1) experimental; urgency=low

    * New upstream version.
      - Switch to using libssh2.
    * Add Build-Depends on libssh2-1-dev and pkg-config, drop libssh-dev.
    * debian/rules: Install pam_sshauth.so into /lib/<triplet>/security/.

   -- Vagrant Cascadian <vagrant at debian.org>  Fri, 22 Mar 2013 12:31:56 -0700
  ---

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libpam-sshauth/+bug/1507798/+subscriptions