RE: Error when using libssh in a PAM module with OpenSSH

[perox@xxxxxxxxxx]

        Sorry, webmail once more f'ed up the formatting. Trying again:

Hi,

I am currently developing a custom PAM module which performs checks of additional
SSH keys. A quickexample:I'm logging in via ssh which is configured to use my 
PAM module for authentication. In this moduleI'mchecking if the user's SSH keys are
valid etc. and allow the login accordingly.

I want to use libssh for the key authentication, e.g.'ssh_pki_import_privkey_base64',
'ssh_pki_export_privkey_to_pubkey' and so on. Trying these functions in a testprogram
they work fine and act as expected. As soon as I use them from within my PAM module
in SSH however,some strange errors occur. Uponcalling 'ssh_pki_import_privkey_base64'
syslog tells me 

'fatal: key_new: badkey type 728'

Searching for this error yields some results from the openssh source (key.c in particular)
whichis the default ssh implementation on my system (FreeBSD 10).

I played around a little with the libssh source andadded some debug statements in 
pki.c just before and after 
'key = pki_private_key_from_base64(b64_key,passphrase, auth_fn, auth_data);'.

The statements before it areprinted but none after it. I also added debugstatements in
pki_gcrypt.c, pki_private_key_from_base64() none of which are printed. Strangely, it
seems thatpki_private_key_from_base64() is not being called but something else is
happening.

'ldd /usr/sbin/sshd' tells methat the first dependency of 'sshd' is a 'libssh.so.5' which
contains the key.cemitting the error. I thereforesuppose that 'sshd' somehow gives its
own libssh precedence over everythingelse which in turn prevents me fromcalling 
'pki_private_key_from_base64()' of the "true" libssh. I have no ideahow this interferes, 
though. Couldthere be a name clash of some sort?

Thanks for any ideas.



---
Alle Postfächer an einem Ort. Jetzt wechseln und E-Mail-Adresse mitnehmen! http://email.freenet.de/basic/Informationen