Package: libpam-ssh-agent-auth
Version: 0.10.3-3
Severity: wishlist

Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?

I wanted to use a u2f token for remote sudo authentication

   * What exactly did you do (or not do) that was effective (or ineffective)?

on the client (device with u2f token attached):

  ssh-keygen -f ~/.ssh/id_sudo
  ssh-agent -a ~/.ssh/sudo_agent
  ssh -o ForwardAgent=~/.ssh/sudo_agent jonny@alexandria

on the server (where sudo should use pam_ssh_agent_auth):

- in /etc/pam.d/sudo prepend
    auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys debug
- in /etc/security/authorized_keys I added my ecdsa-sk key
    sk-ecdsa-sha2-nistp...@openssh.com AAA...oOg== j@io
  with
    ssh-agent -L | sudo tee -a /etc/security/authorized_keys
- clear sudo cache (sudo -k) or relogin
- try sudo -s

   * What was the outcome of this action?

- sudo asked for my password
- in /var/log/auth.log:
    Apr 29 14:56:24 alexandria sudo[624016]: pam_ssh_agent_auth: key_type_from_name: unknown key type 'sk-ecdsa-sha2-nistp...@openssh.com'
    Apr 29 14:56:24 alexandria sudo[624016]: pam_ssh_agent_auth: error: key_from_blob: remaining bytes in key blob 89

   * What outcome did you expect instead?

getting asked to touch my u2f token

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.5.0-2-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_WARN, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libpam-ssh-agent-auth depends on:
ii  libc6      2.30-4
ii  libpam0g   1.3.1-5
ii  libssl1.1  1.1.1g-1

libpam-ssh-agent-auth recommends no packages.

libpam-ssh-agent-auth suggests no packages.

-- no debconf information
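Added example (not part of the original report and not code from pam_ssh_agent_auth): a Python sketch that walks the length-prefixed fields of an authorized_keys entry, run here on a constructed sk-ecdsa key with a dummy curve point and the default application string "ssh:". The full type name is taken from OpenSSH's PROTOCOL.u2f, KNOWN_TYPES is an assumed stand-in for an older parser's list, and the function names are hypothetical; the 89 bytes it finds after the type name are the same count as in the auth.log line above.

```python
import base64
import struct

# Assumed stand-in for the key types an older parser recognises.
KNOWN_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256"}
# Full type name per OpenSSH PROTOCOL.u2f (the report shows it truncated).
SK_ECDSA = "sk-ecdsa-sha2-nistp256@openssh.com"


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: uint32 length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def read_string(blob: bytes, offset: int):
    """Read one length-prefixed string; return (value, next_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("string runs past end of blob")
    return blob[offset + 4:end], end


def inspect_key_line(line: str) -> dict:
    """Parse 'type base64 [comment]' (no options prefix) and list its fields."""
    fields = line.split()
    blob = base64.b64decode(fields[1], validate=True)
    name, offset = read_string(blob, 0)
    key_type = name.decode("ascii")
    if key_type != fields[0]:
        raise ValueError("type inside blob differs from type on the line")
    result = {"type": key_type, "known": key_type in KNOWN_TYPES,
              "remaining": len(blob) - offset, "fields": []}
    while offset < len(blob):  # walk the fields that follow the type name
        value, offset = read_string(blob, offset)
        result["fields"].append(len(value))
    return result


def constructed_sk_line(application: bytes = b"ssh:") -> str:
    """Build a sample sk-ecdsa line; the point is a dummy, not a real key."""
    point = b"\x04" + bytes(64)  # constructed 65-byte uncompressed placeholder
    blob = (ssh_string(SK_ECDSA.encode()) + ssh_string(b"nistp256")
            + ssh_string(point) + ssh_string(application))
    return f"{SK_ECDSA} {base64.b64encode(blob).decode()} constructed@example"


if __name__ == "__main__":
    print(inspect_key_line(constructed_sk_line()))
```

The three trailing fields are the curve name, the EC point and the application string; the last one is what distinguishes an sk-ecdsa public key from a plain ecdsa one.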