Package Details: pam_ssh 2.3-3

Git Clone URL: (read-only, click to copy)
Package Base: pam_ssh
Description: PAM module providing single sign-on behavior for SSH.
Upstream URL:
Keywords: pam ssh
Licenses: custom
Submitter: tajacobsen
Maintainer: pancho
Last Packager: pancho
Votes: 54
Popularity: 0.002403
First Submitted: 2007-10-07 14:44 (UTC)
Last Updated: 2020-11-13 06:18 (UTC)

Latest Comments

TankMissile commented on 2021-06-26 00:51 (UTC) (edited on 2021-06-26 00:51 (UTC) by TankMissile)

==> Verifying source file signatures with gpg... pam_ssh-2.3.tar.xz ... FAILED (unknown public key 180F6A5B3EDE742E)

==> ERROR: One or more PGP signatures could not be verified!

When I attempt to import the key by running gpg --recv-keys 180F6A5B3EDE742E I get the error "gpg: keyserver receive failed: No name".

pancho commented on 2020-05-16 06:38 (UTC)

I've opened an issue¹ upstream.


pancho commented on 2020-05-16 06:05 (UTC)

I've just updated the package forcing -fcommon to work around the issue, @asolopovas. Let me know if it causes you any more grief.


pancho commented on 2020-05-16 04:24 (UTC)

Hi, @asolopovas.

It seems we've been hit by a change in gcc-10, see ¹ for a workaround.


asolopovas commented on 2020-05-15 22:05 (UTC)

Same here, on top of that I get the error thfile.lo base64.lo bcrypt_pbkdf.lo blocks.lo blowfish.lo bufaux.lo bufec.lo bufbn.lo buffer.lo chacha.lo cipher-chachapoly.lo cipher-ctr.lo cipher.lo cleanup.lo digest-openssl.lo ed25519.lo explicit_bzero.lo fatal.lo fe25519.lo ge25519.lo hash.lo key.lo log.lo misc.lo poly1305.lo rijndael.lo rsa.lo verify.lo sc25519.lo timingsafe_bcmp.lo sshbuf-getput-crypto.lo sshbuf-getput-basic.lo sshbuf.lo sshbuf-misc.lo ssh-ed25519.lo ssh-ecdsa.lo ssh-dss.lo ssh-rsa.lo sshkey.lo ssherr.lo pam_ssh.lo xmalloc.lo pam_ssh_log.lo strlcpy.lo strnvis.lo pam_get_pass.lo pam_std_option.lo openpam_borrow_cred.lo openpam_restore_cred.lo -lpam -lcrypto libtool: link: gcc -shared -fPIC -DPIC .libs/atomicio.o .libs/authfd.o .libs/authfile.o .libs/base64.o .libs/bcrypt_pbkdf.o .libs/blocks.o .libs/blowfish.o .libs/bufaux.o .libs/bufec.o .libs/bufbn.o .libs/buffer.o .libs/chacha.o .libs/cipher-chachapoly.o .libs/cipher-ctr.o .libs/cipher.o .libs/cleanup.o .libs/digest-openssl.o .libs/ed25519.o .libs/explicit_bzero.o .libs/fatal.o .libs/fe25519.o .libs/ge25519.o .libs/hash.o .libs/key.o .libs/log.o .libs/misc.o .libs/poly1305.o .libs/rijndael.o .libs/rsa.o .libs/verify.o .libs/sc25519.o .libs/timingsafe_bcmp.o .libs/sshbuf-getput-crypto.o .libs/sshbuf-getput-basic.o .libs/sshbuf.o .libs/sshbuf-misc.o .libs/ssh-ed25519.o .libs/ssh-ecdsa.o .libs/ssh-dss.o .libs/ssh-rsa.o .libs/sshkey.o .libs/ssherr.o .libs/pam_ssh.o .libs/xmalloc.o .libs/pam_ssh_log.o .libs/strlcpy.o .libs/strnvis.o .libs/pam_get_pass.o .libs/pam_std_option.o .libs/openpam_borrow_cred.o .libs/openpam_restore_cred.o -lpam -lcrypto -march=x86-64 -mtune=generic -O2 -Wl,-O1 -Wl,--sort-common -Wl,--as-needed -Wl,-z -Wl,relro -Wl,-z -Wl,now -Wl,-soname -Wl, -o .libs/ /usr/bin/ld: .libs/ge25519.o:(.rodata+0x1aa80): multiple definition of `crypto_sign_ed25519_ref_ge25519_base'; .libs/ed25519.o:(.rodata+0x0): first defined here collect2: error: ld returned 1 exit status make[1]: [Makefile:523:] Error 1 make[1]: Leaving directory '/home/andrius/.cache/yay/pam_ssh/src/pam_ssh-2.3' make: [Makefile:434: all] Error 2 ==> ERROR: A failure occurred in build(). Aborting... Error making: pam_ssh

freed00m commented on 2020-01-27 20:32 (UTC) (edited on 2020-01-27 20:38 (UTC) by freed00m)

==> Verifying source file signatures with gpg... pam_ssh-2.3.tar.xz ... FAILED (unknown public key 180F6A5B3EDE742E)

Anyone got this?

EDIT: Ah sorry it is the software author at sourceforge's key not the maintainers.

totsilence commented on 2017-12-11 13:03 (UTC) (edited on 2017-12-12 10:11 (UTC) by totsilence)

pam_ssh is no longer working for me since a very recent upgrade. I am using sddm and have inluded pam_ssh things in /etc/pam.d/sddm accordingly.

Recently systemd, sddm and KDE Frameworks were updated, so it might be some incompatibility which I haven't figured out, yet. I tried rebuilding pam_ssh to no avail. It also doesn't work when including it in /etc/pam.d/login for console logins.

Did anybody observe the same problem?

EDIT: Problem solved, nothing to do with any package, I had stale files in ~/.ssh/agent-X which caused pam_ssh not to start ssh-agent.

Nicky726 commented on 2017-05-28 14:05 (UTC)

Guess this might be obvious, but it seems a rebuild is needed in case OpenSSL is upgraded.

pancho commented on 2017-05-17 17:46 (UTC)

Glad to be of service, folks!

medman826 commented on 2017-05-11 15:37 (UTC)

It also builds successfully for me! Thanks!

Libbum commented on 2017-05-07 15:33 (UTC)

Confirmed working. Thanks pancho!

pancho commented on 2017-05-07 08:11 (UTC)

Fixed. I've worked around the issue with the include dir by leveraging CPPFLAGS env var, as described in the recent comments on the git-crypt AUR package. Cheers!

pancho commented on 2017-05-07 07:39 (UTC) (edited on 2017-05-07 07:39 (UTC) by pancho)

Hi again. I've managed to get it to build again, with this admittedly hackish workaround: 1) Add --with-ssl-dir=/usr/lib/openssl-1.0 to the ./configure call on PKGBUILD 2) sudo ln -snf ../../include/openssl-1.0 /usr/lib/openssl-1.0/include Step 2 is needed because pam_ssh expects an include dir under the path specified for --with-ssl-dir; if that dir does not exist, it will end up using the include files for OpenSSL 1.1.0, and thus fail. The bad news is that I cannot upload these changes like that (the 'sudo ln ...' part comes to mind). Changes will be needed either on the openssl-1.0 arch package, to include the include dir or symlink, or on upstream pam_ssh autoconf code to allow for a --with-ssl-include-files flag to be specified, so that we can call configure with --with-ssl-include-files=/usr/include/openssl-1.0, besides the aforementioned --with-ssl-dir=/usr/lib/openssl-1.0 Comments, suggestions and/or help is welcome!

pancho commented on 2017-05-04 18:33 (UTC)

Hi, folks. Thanks for reporting the issue. I'll take a look at it as soon as I can, and possibly report it upstream as well.

Libbum commented on 2017-05-03 08:23 (UTC)

@medman826 yes, looks like it's an upstream issue. May be as simple as the way the configure script checks the version values in the openssl headers. Seems that the upstream repo hasn't been active since 2013, so we may not have a quick response there. I'll take a look at some modifications when I have the time.

medman826 commented on 2017-05-01 19:45 (UTC)

I am also getting the configure error that Libbum mentioned. This happens even if I download the source and run ./configure manually.

Libbum commented on 2017-05-01 10:57 (UTC)

I'm getting a configure error: `Your OpenSSL headers do not match your library` when trying to install. Any idea how I can rectify this? $ openssl version `OpenSSL 1.1.0e 16 Feb 2017`

pancho commented on 2015-05-10 18:45 (UTC)

In pam_ssh 2.1-2 I've enabled signature checking for the source tarball (signed by Wolfgang Rosenauer, the current maintainer). See for instructions on how to handle this.

pancho commented on 2014-03-04 21:41 (UTC)

Done. Thanks jstjohn for the heads up!

jstjohn commented on 2014-03-03 22:46 (UTC)

You should change the pam_ssh.install file such that it contains a post_upgrade() function that (1) uses vercmp to see if the upgrade is from <anything> to version 2+ and (2) echoes the *current* contents of pam_ssh.install. Alternatively, rename pam_ssh.install to README or INSTALL and remove the 'install=' line from the PKGBUILD.

pancho commented on 2014-03-01 12:27 (UTC)

Updated to pam_ssh 2.0. Read the provided pam_ssh.install for the actions required for updating.

pancho commented on 2013-12-26 16:44 (UTC)

pam-ssh 2.0 was released on 2013-11-18, featuring the load of all keys in ~/.ssh/login-keys.d, sparing you the need to list every one of them in the pam config file (keyfiles param). Actually, the keyfiles param has been removed. All three patches {block-sigterm,empty-pw-segfault-gentoo,log}.patch have been applied upstream, so can be removed from this package. I've done so, built and installed the package, and it works like a charm, once I moved my keys to ~/.ssh/login-keys.d. From the ChangeLog: * expect keys used for login in ~/.ssh/login-keys.d directory (see README; this behaviour will cause old setups to fail since the default keys are not used anymore for auth) Thanks!

bender02 commented on 2013-03-26 10:25 (UTC)

Updated. Please let me know if it doesn't work (as I don't have a setup that I could test the problem).

commented on 2013-03-22 21:36 (UTC)

I confirm, I just applied the patch mentioned in the previous comment to resolved the timeout issue on the shutdown. If you can apply the patch with the other ones, it will be helpful. Thanks :)

mrgrim commented on 2013-03-15 22:52 (UTC)

I think the current version is running into the issue documented here: Any chance this patch could be applied here?

bender02 commented on 2012-05-07 13:40 (UTC)

Thanks, updated.

pnutzh4x0r commented on 2012-05-06 00:41 (UTC)

Adding --with-pam-dir=/usr/lib/security to the configure line will install it to the appropriate place.

grawity commented on 2012-05-05 15:32 (UTC)

mordervomubel: See "usrmove" or "usrmerge" for reasons regarding the change.

mordervomubel commented on 2012-05-05 14:27 (UTC)

Warning: this package puts into /lib/security/, but a recent update seems to have moved things to /usr/lib/security/, causing pam to think that this module is missing. You may want to update this to put into the right place. Not sure why they changed it... For now, users of this package can solve the issue with this command: ln /lib/security/ /usr/lib/security/

bender02 commented on 2011-03-15 07:39 (UTC)

Thanks, added.

seiichiro0185 commented on 2011-03-13 09:30 (UTC)

There seems to be a missing dependency for openssh. If you build it in a clean chroot the configure will complain about not findung ssh-agent. Adding openssh to the depends fixes this.

bender02 commented on 2010-11-06 17:10 (UTC)

Done. Hope it helps :)

commented on 2010-11-05 23:09 (UTC)

There is a bug in pam-ssh, that generates a segfault if you enter Ctrl+D to abort the authentication. (See: and Gentoo has a patch for it: Can you please add it to the PKGBUILD?