#15 pam_ssh_agent_auth ProFTP

[Vincenzo De Naro Papa]

Hi all. As you say in project description ("can be used for for many purposes.") i'm trying to use this pam module to authenticate users for example with ProFTP daemon. I added "auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys" in /etc/pam.d/proftpd file and when i try to connect to ftp server as user demo, in auth.log i see this row:

pam_ssh_agent_auth: Failed Authentication: `demo' as `demo' using /home/demo/.ssh/authorized_keys
I checked the installation of pam module and with sudo (as your suggestions) it works perfectly.
What i'm wrong?

[Vincenzo De Naro Papa]

Someone there??
Thank you.

[jbeverly]

I'd need to know more about your setup to determine the cause. One thing that might aid in troubleshooting is to add "debug" to the pam configuration "auth sufficient pam_ssh_agent_auth.so" line.

Off the top of my head, my first guess would be that there isn't a forwarded ssh agent. Even if using ssh to port-forward for ftp the ftp daemon would have to have the environment variable set to the path of the ssh-agent for each authenticating user, which would require a substantial amount of voodoo to make happen for each auth attempt.

I haven't personally attempted to use this module for daemons or inetd services like ftp, as there are generally easier and better alternatives (sftp, in this case, for example)

Let me know how your attempting to use this, and provide a bit more detail about your setup, and I'll see if I can identify if its a bug or not.

Thanks.