Gentoo Forums
PAM bad jump in stack after pam_ssh_agent_auth successful

kess-net
n00b
Joined: 16 May 2021
Posts: 3

Posted: Sun May 16, 2021 1:59 pm    Post subject: PAM bad jump in stack after pam_ssh_agent_auth successful

Hi guys,
I would be glad if someone could lead me to success. I am trying to use ssh-agent forwarding to sudo (root).

I followed https://wiki.gentoo.org/wiki/Pam_ssh_agent_auth. ssh-agent is running. SSH_AUTH_SOCK is set in my environment. My key is loaded. But I am still asked for my login password.

With debug option the log file states:

Code:
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Beginning pam_ssh_agent_auth for user myself
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Attempting authentication: `myself' as `myself' using /etc/ssh/sudo_authorized_key
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Contacted ssh-agent of myself myself (1000)
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: trying public key file /etc/ssh/sudo_authorized_key
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: auth_secure_filename: checking for uid: 0
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: secure_filename: checking '/etc/ssh'
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: secure_filename: checking '/etc'
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: secure_filename: checking '/'
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: matching key found: file/command /etc/ssh/sudo_authorized_key, line 1
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Found matching RSA key: 43:40:bc:73:91:72:e6:96:5d:b4:24:6d:d1:fb:f3:77
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: ssh_rsa_verify: signature correct
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Authenticated: `myself' as `myself' using /etc/ssh/sudo_authorized_key
May 16 15:43:09 host sudo[11758]: PAM bad jump in stack
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Beginning pam_ssh_agent_auth for user myself
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Attempting authentication: `myself' as `myself' using /etc/ssh/sudo_authorized_key
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Contacted ssh-agent of user myself (1000)
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: trying public key file /etc/ssh/sudo_authorized_key
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: auth_secure_filename: checking for uid: 0
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: secure_filename: checking '/etc/ssh'
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: secure_filename: checking '/etc'
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: secure_filename: checking '/'
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: matching key found: file/command /etc/ssh/sudo_authorized_key, line 1
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Found matching RSA key: 43:40:bc:73:91:72:e6:96:5d:b4:24:6d:d1:fb:f3:77
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: ssh_rsa_verify: signature correct
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Authenticated: `myself' as `myself' using /etc/ssh/sudo_authorized_key
May 16 15:43:09 host sudo[11758]: PAM bad jump in stack
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Beginning pam_ssh_agent_auth for user myself
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Attempting authentication: `myself' as `myself' using /etc/ssh/sudo_authorized_key
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Contacted ssh-agent of user myself (1000)
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: trying public key file /etc/ssh/sudo_authorized_key
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: auth_secure_filename: checking for uid: 0
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: secure_filename: checking '/etc/ssh'
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: secure_filename: checking '/etc'
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: secure_filename: checking '/'
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: matching key found: file/command /etc/ssh/sudo_authorized_key, line 1
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Found matching RSA key: 43:40:bc:73:91:72:e6:96:5d:b4:24:6d:d1:fb:f3:77
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: ssh_rsa_verify: signature correct
May 16 15:43:09 host sudo[11758]: pam_ssh_agent_auth: Authenticated: `myself' as `myself' using /etc/ssh/sudo_authorized_key
May 16 15:43:09 host sudo[11758]: PAM bad jump in stack
May 16 15:43:09 host sudo[11758]:     myself : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/myself ; user=root ; COMMAND=/bin/su -

Thank you in advance.
kess

[Moderator edit: added [code] tags to preserve output layout; fixed link to Wiki page. -Hu]

Hu
Moderator
Joined: 06 Mar 2007
Posts: 21628

Posted: Sun May 16, 2021 4:27 pm

That message seems to come from only one place in PAM:
libpam/pam_dispatch.c:
    /* this case is a syntax error: we can't succeed */
    if (action) {
        pam_syslog(pamh, LOG_ERR, "bad jump in stack");
Since the comment says syntax error, I think we need to see how you configured PAM for this. Please post the output of cat -n on each of the PAM files you modified for this.

kess-net
n00b
Joined: 16 May 2021
Posts: 3

Posted: Sun May 16, 2021 7:10 pm

Thank you for your response.
I modified just one PAM file:

Code:
$ cat  /etc/pam.d/sudo
# File autogenerated by pamd_mimic in pam eclass

#auth /lib64/security/pam_ssh_agent_auth.so  file=/etc/ssh/sudo_authorized_key
auth [success=3 default=ignore] pam_ssh_agent_auth.so file=/etc/ssh/sudo_authorized_key debug
auth    substack                system-auth
account substack                system-auth
session substack                system-auth


sudo_authorized_key is no mistake. This file is named that way.
Code:
$ ls -l /etc/ssh/sudo_authorized_key
-rw-r--r-- 1 root root 738 14. Mai 14:52 /etc/ssh/sudo_authorized_key


Of course I also edited /etc/sudoers.

Hu
Moderator
Joined: 06 Mar 2007
Posts: 21628

Posted: Sun May 16, 2021 7:37 pm

The Wiki uses include, not substack, for the remaining lines. If you use include, does it work? What is in the referenced file? Perhaps the syntax error is there, not in the file you modified.

kess-net
n00b
Joined: 16 May 2021
Posts: 3

Posted: Mon May 17, 2021 6:49 am

Unfortunately nothing changes when I use include instead of substack.

The referenced file contains my public key:

Code:

ssh-rsa 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 myself@host


As I understand it the three remaining lines provide the usual password prompt for authentication if pam_ssh_agent_auth fails.

Hu
Moderator
Joined: 06 Mar 2007
Posts: 21628

Posted: Mon May 17, 2021 3:27 pm

By referenced file, I meant the system-auth configuration, not the public key. I admit it's a bit unlikely to be there, but the only other explanation I can see is that the Wiki's instructions are simply wrong.

Jimmy Jazz
Guru
Joined: 04 Oct 2004
Posts: 325
Location: Strasbourg

Posted: Mon May 17, 2021 11:16 pm

Why not use 'sufficient' if you don't want to walk through the stack/include file, or success=1?

auth sufficient pam_ssh.so ... debug

or

auth substack system-auth
auth requisite pam_ssh.so ... debug
auth required pam_permit.so

and alike ?

formatux has a nice table for the steps
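
As an added example (not code from the thread or from Linux-PAM): a small linter that flags a numeric jump such as success=3 when fewer entries of the same type follow it in the service file, which is the condition under which pam_dispatch.c logs "bad jump in stack". It assumes each substack line counts as one skippable entry and does not expand include files, which it only reports as unresolved; SAMPLE is constructed from the /etc/pam.d/sudo posted above.

```python
import re

# Constructed sample: the /etc/pam.d/sudo posted in the thread, minus the commented-out line.
SAMPLE = """\
# File autogenerated by pamd_mimic in pam eclass
auth [success=3 default=ignore] pam_ssh_agent_auth.so file=/etc/ssh/sudo_authorized_key debug
auth    substack                system-auth
account substack                system-auth
session substack                system-auth
"""

# type, control (keyword or [value=action ...]), then the module path
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+\S")
JUMP = re.compile(r"(\w+)=(\d+)")  # numeric action: skip the next N modules


def parse_rules(text):
    """Return (line number, type, control) for every active rule line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        m = RULE.match(raw.split("#", 1)[0].strip())
        if m:
            rules.append((lineno, m.group(1).lower(), m.group(2).lower()))
    return rules


def check_jumps(text):
    """Flag jumps that ask to skip more same-type entries than follow them."""
    rules = parse_rules(text)
    findings = []
    for i, (lineno, mtype, control) in enumerate(rules):
        if not control.startswith("["):
            continue
        # Assumption: a substack line is one skippable entry; include is not expanded.
        later = [c for _, t, c in rules[i + 1:] if t == mtype]
        for ret, n in JUMP.findall(control):
            if int(n) > len(later):
                findings.append({
                    "line": lineno, "type": mtype, "return": ret,
                    "jump": int(n), "following": len(later),
                    "unresolved_include": "include" in later,
                })
    return findings


if __name__ == "__main__":
    for finding in check_jumps(SAMPLE):
        print(finding)
```

On the posted file it reports line 2: a jump of 3 with only one auth entry after it, while the account and session lines are not counted because they belong to other stacks.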