On 4/8/2020 9:20 AM, Rory Campbell-Lange wrote:
> I'm having trouble setting up pam_ssh_agent_auth.so, which allows users
> with authenticated public keys to sudo.
>
> cat /etc/pam.d/sudo
> auth sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys
> @include common-auth
> @include common-account
> @include common-session-noninteractive
>
> /var/log/auth/log
> Apr 8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: matching key found: file/command /etc/security/authorized_keys, line 7
> Apr 8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Found matching RSA key: a5:36:xx:f5:xx:9f:xx:20:6a:d9:87:98:4a:4b:10:6a
> Apr 8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Authenticated: `it' as `it' using /etc/security/authorized_keys
> Apr 8 06:53:54 localhost sudo: it : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/it ; USER=root ; COMMAND=/usr/bin/ls
>
> user:
> it@localhost:~$ sudo ls
> it is not in the sudoers file. This incident will be reported.
>
Is the user in question in the sudoers file? Try the following line in
/etc/sudoers.d/ssh

user ALL=(ALL) ALL

Where 'user' is the name of the SSH user. If it works, you should
restrict the above line.

-- 
John Doe
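
The quoted log shows two separate stages: pam_ssh_agent_auth accepted the key, and sudo then refused the command because of sudoers policy. As an added example (not part of the original thread), this Python script separates the two stages in auth-log text; the sample lines, the users `ops` and `web`, and the same-timestamp correlation are assumptions constructed for illustration.

```python
import re

# Constructed sample, modelled on the log lines quoted in the thread.
SAMPLE_LOG = """\
Apr  8 06:53:54 localhost sudo[23924]: pam_ssh_agent_auth: Authenticated: `it' as `it' using /etc/security/authorized_keys
Apr  8 06:53:54 localhost sudo:       it : user NOT in sudoers ; TTY=pts/1 ; PWD=/home/it ; USER=root ; COMMAND=/usr/bin/ls
Apr  8 07:10:02 localhost sudo[24100]: pam_ssh_agent_auth: Authenticated: `ops' as `ops' using /etc/security/authorized_keys
Apr  8 07:10:02 localhost sudo:      ops : TTY=pts/2 ; PWD=/home/ops ; USER=root ; COMMAND=/usr/bin/id
Apr  8 07:15:40 localhost sudo:      web : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/web ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
"""

# Syslog prefix: timestamp, then hostname.
STAMP = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+\S+\s+"
# Authentication stage: the PAM module accepted an agent-held key.
AUTH_OK = re.compile(
    STAMP + r"sudo\[\d+\]: pam_ssh_agent_auth: Authenticated: `(?P<user>[^']+)'")
# Authorization stage: sudoers has no rule for this user.
DENIED = re.compile(
    STAMP + r"sudo:\s+(?P<user>\S+) : user NOT in sudoers ;.*COMMAND=(?P<cmd>.*)$")


def classify_denials(log_text):
    """Return one dict per sudoers denial, noting whether the same user
    passed pam_ssh_agent_auth at the same timestamp (assumed correlation key,
    since the denial line carries no PID)."""
    agent_ok = set()
    findings = []
    for line in log_text.splitlines():
        m = AUTH_OK.match(line)
        if m:
            agent_ok.add((m["ts"], m["user"]))
            continue
        m = DENIED.match(line)
        if m:
            findings.append({
                "user": m["user"],
                "command": m["cmd"],
                "agent_authenticated": (m["ts"], m["user"]) in agent_ok,
            })
    return findings


if __name__ == "__main__":
    for f in classify_denials(SAMPLE_LOG):
        stage = ("key accepted, sudoers policy refused"
                 if f["agent_authenticated"] else "no agent auth seen")
        print(f"{f['user']}: {f['command']} -> {stage}")
```

A denial with `agent_authenticated` set points at a missing or too-narrow sudoers rule rather than at the PAM configuration.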