Package Details: pam_ssh 2.1-4

Git Clone URL: https://aur.archlinux.org/pam_ssh.git (read-only)
Package Base: pam_ssh
Description: PAM module providing single sign-on behavior for SSH.
Upstream URL: http://pam-ssh.sourceforge.net/
Keywords: pam ssh
Licenses: custom
Submitter: tkjacobsen
Maintainer: pancho
Last Packager: pancho
Votes: 52
Popularity: 0.221218
First Submitted: 2007-10-07 14:44
Last Updated: 2017-05-07 08:07

Latest Comments

Nicky726 commented on 2017-05-28 14:05

Guess this might be obvious, but it seems a rebuild is needed in case OpenSSL is upgraded.

pancho commented on 2017-05-17 17:46

Glad to be of service, folks!

medman826 commented on 2017-05-11 15:37

It also builds successfully for me! Thanks!

Libbum commented on 2017-05-07 15:33

Confirmed working. Thanks pancho!

pancho commented on 2017-05-07 08:11

Fixed. I've worked around the issue with the include dir by leveraging CPPFLAGS env var, as described in the recent comments on the git-crypt AUR package.

Cheers!

pancho commented on 2017-05-07 07:39

Hi again.

I've managed to get it to build again, with this admittedly hackish workaround:

1) Add --with-ssl-dir=/usr/lib/openssl-1.0 to the ./configure call on PKGBUILD
2) sudo ln -snf ../../include/openssl-1.0 /usr/lib/openssl-1.0/include

Step 2 is needed because pam_ssh expects an include dir under the path specified for --with-ssl-dir; if that dir does not exist, it will end up using the include files for OpenSSL 1.1.0, and thus fail.

The bad news is that I cannot upload these changes like that (the 'sudo ln ...' part comes to mind). Changes will be needed either on the openssl-1.0 arch package, to include the include dir or symlink, or on upstream pam_ssh autoconf code to allow for a --with-ssl-include-files flag to be specified, so that we can call configure with --with-ssl-include-files=/usr/include/openssl-1.0, besides the aforementioned --with-ssl-dir=/usr/lib/openssl-1.0

Comments, suggestions and/or help is welcome!



pancho commented on 2017-05-04 18:33

Hi, folks. Thanks for reporting the issue. I'll take a look at it as soon as I can, and possibly report it upstream as well.

Libbum commented on 2017-05-03 08:23

@medman826 yes, looks like it's an upstream issue. May be as simple as the way the configure script checks the version values in the openssl headers. Seems that the upstream repo hasn't been active since 2013, so we may not have a quick response there. I'll take a look at some modifications when I have the time.

medman826 commented on 2017-05-01 19:45

I am also getting the configure error that Libbum mentioned. This happens even if I download the source and run ./configure manually.

Libbum commented on 2017-05-01 10:57

I'm getting a configure error: `Your OpenSSL headers do not match your library` when trying to install. Any idea how I can rectify this?
$ openssl version
`OpenSSL 1.1.0e 16 Feb 2017`

pancho commented on 2015-05-10 18:45

In pam_ssh 2.1-2 I've enabled signature checking for the source tarball (signed by Wolfgang Rosenauer, the current maintainer). See https://wiki.archlinux.org/index.php/Makepkg#Signature_checking for instructions on how to handle this.

pancho commented on 2014-03-04 21:41

Done. Thanks jstjohn for the heads up!

jstjohn commented on 2014-03-03 22:46

You should change the pam_ssh.install file such that it contains a post_upgrade() function that (1) uses vercmp to see if the upgrade is from <anything> to version 2+ and (2) echoes the *current* contents of pam_ssh.install.

Alternatively, rename pam_ssh.install to README or INSTALL and remove the 'install=' line from the PKGBUILD.

pancho commented on 2014-03-01 12:27

Updated to pam_ssh 2.0. Read the provided pam_ssh.install for the actions required for updating.

pancho commented on 2013-12-26 16:44

pam-ssh 2.0 was released on 2013-11-18, featuring the load of all keys in ~/.ssh/login-keys.d, sparing you the need to list every one of them in the pam config file (keyfiles param). Actually, the keyfiles param has been removed.

All three patches {block-sigterm,empty-pw-segfault-gentoo,log}.patch have been applied upstream, so can be removed from this package.

I've done so, built and installed the package, and it works like a charm, once I moved my keys to ~/.ssh/login-keys.d.

From the ChangeLog:
* expect keys used for login in ~/.ssh/login-keys.d directory
(see README; this behaviour will cause old setups to fail
since the default keys are not used anymore for auth)

Thanks!

pancho commented on 2013-12-26 16:43

pam-ssh 2.0 was released on 2013-11-18, featuring the load of all keys in ~/.ssh/login-keys.d, sparing you the need to list every one of them in the pam config file (keyfiles param). Actually, the keyfiles param has been removed.

All three patches {block-sigterm,empty-pw-segfault-gentoo,log}.patch have been applied upstream, so can be removed from this package.
2013-11-18
I've done so, built and installed the package, and it works like a charm, once I moved my keys to ~/.ssh/login-keys.d.

From the ChangeLog:
* expect keys used for login in ~/.ssh/login-keys.d directory
(see README; this behaviour will cause old setups to fail
since the default keys are not used anymore for auth)

Thanks!

bender02 commented on 2013-03-26 10:25

Updated. Please let me know if it doesn't work (as I don't have a setup that I could test the problem).

Anonymous comment on 2013-03-22 21:36

I confirm, I just applied the patch mentioned in the previous comment to resolved the timeout issue on the shutdown.
If you can apply the patch with the other ones, it will be helpful.

Thanks :)

mrgrim commented on 2013-03-15 22:52

I think the current version is running into the issue documented here:

https://bugzilla.novell.com/show_bug.cgi?id=727246

Any chance this patch could be applied here?

bender02 commented on 2012-05-07 13:40

Thanks, updated.

pnutzh4x0r commented on 2012-05-06 00:41

Adding --with-pam-dir=/usr/lib/security to the configure line will install it to the appropriate place.

grawity commented on 2012-05-05 15:32

mordervomubel: See "usrmove" or "usrmerge" for reasons regarding the change.

mordervomubel commented on 2012-05-05 14:27

Warning: this package puts pam_ssh.so into /lib/security/, but a recent update seems to have moved things to /usr/lib/security/, causing pam to think that this module is missing. You may want to update this to put pam_ssh.so into the right place. Not sure why they changed it...

For now, users of this package can solve the issue with this command:
ln /lib/security/pam_ssh.so /usr/lib/security/pam_ssh.so

bender02 commented on 2011-03-15 07:39

Thanks, added.

seiichiro0185 commented on 2011-03-13 09:30

There seems to be a missing dependency for openssh. If you build it in a clean chroot the configure will complain about not findung ssh-agent. Adding openssh to the depends fixes this.

bender02 commented on 2010-11-06 17:10

Done. Hope it helps :)

Anonymous comment on 2010-11-05 23:09

There is a bug in pam-ssh, that generates a segfault if you enter Ctrl+D to abort the authentication.
(See: http://sourceforge.net/tracker/?func=detail&aid=3027989&group_id=16000&atid=116000 and http://bugs.gentoo.org/show_bug.cgi?id=266603)

Gentoo has a patch for it: http://bugs.gentoo.org/attachment.cgi?id=188789&action=view

Can you please add it to the PKGBUILD?