Hi,I am currently developing a custom PAM module which performs checks of additional SSH keys. A quick example:I'm logging in via ssh which is configured to use my PAM module for authentication. In this module I'mchecking if the user's SSH keys are valid etc. and allow the login accordingly.
I want to use libssh for the key authentication, e.g. 'ssh_pki_import_privkey_base64','ssh_pki_export_privkey_to_pubkey' and so on. Trying these functions in a test program they work fine and actas expected. As soon as I use them from within my PAM module in SSH however, some strange errors occur. Uponcalling 'ssh_pki_import_privkey_base64' syslog tells me 'fatal: key_new: bad key type 728'Searching for this error yields some results from the openssh source (key.c in particular) which is thedefault ssh implementation on my system (FreeBSD 10).I played around a little with the libssh source and added some debug statements in pki.c just before and after'key = pki_private_key_from_base64(b64_key, passphrase, auth_fn, auth_data);'. The statements before it areprinted but none after it. I also added debug statements in pki_gcrypt.c, pki_private_key_from_base64() noneof which are printed. Strangely, it seems that pki_private_key_from_base64() is not being called but something else ishappening.'ldd /usr/sbin/sshd' tells me that the first dependency of 'sshd' is a 'libssh.so.5' which contains the key.cemitting the error. I therefore suppose that 'sshd' somehow gives its own libssh precedence over everythingelse which in turn prevents me from calling pki_private_key_from_base64() of the "true" libssh. I have no ideahow this interferes, though. Could there be a name clash of some sort?Thanks for any ideas. --- Alle Postfächer an einem Ort. Jetzt wechseln und E-Mail-Adresse mitnehmen! http://email.freenet.de/basic/Informationen
