#1037122 libpam-ssh-agent-auth: Sudo with ECDSA key segfaults

Package:
libpam-ssh-agent-auth
Source:
libpam-ssh-agent-auth
Description:
PAM Authentication via forwarded ssh-agent
Submitter:
Marc Fite
Date:
2024-11-18 06:48:01 UTC
Severity:
normal
Tags:
#1037122#5
Date:
2023-06-05 11:01:30 UTC
From:
To:
Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

   	Login with ssh -A and trying to sudo with a yubikey:


	Jun  5 12:09:39 vls15775 sudo[3083994]: pam_ssh_agent_auth: secure_filename: terminating check at '/home/mfite'
	Jun  5 12:09:39 vls15775 sudo[3083994]: pam_ssh_agent_auth: matching key found: file/command /home/mfite/.ssh/authorized_keys, line 1
	Jun  5 12:09:39 vls15775 sudo[3083994]: pam_ssh_agent_auth: Found matching ECDSA key: f5:4f:d7:06:73:d4:e9:be:72:60:54:e4:fe:59:70:0e


   * What exactly did you do (or not do) that was effective (or
     ineffective)?

	sudo su -

	# cat /etc/pam.d/sudo
	#%PAM-1.0
	auth	sufficient	pam_ssh_agent_auth.so file=~/.ssh/authorized_keys debug

	@include common-auth
	@include common-account
	@include common-session-noninteractive

   * What was the outcome of this action?


   	Segfault of sudo:

	[16590023.461986] sudo[3083994]: segfault at 8 ip 00007f6a8ae4f770 sp 00007ffc3696af78 error 4 in libcrypto.so.1.1[7f6a8ae04000+1a7000]

   * What outcome did you expect instead?


   	Sudo su - without segfault

*** End of the template - remove these template lines ***
#1037122#10
Date:
2023-06-08 14:56:24 UTC
From:
To:
Same problem with DSA key

RSA and ED25519 works !
#1037122#15
Date:
2024-11-18 06:48:07 UTC
From:
To:
I believe the same issue is reported as
<URL: https://bugs.launchpad.net/bugs/1869512 >, and is fixed upstream in
<URL: https://github.com/jbeverly/pam_ssh_agent_auth/commit/1b0d9bcc5f5cd78b0bb1357d6a11da5d616ad26f >.

There is no upstream release including this fix yet.