[Bug 258384] pam_ssh.so.6 reporting undefined symbol

From: <bugzilla-noreply_at_freebsd.org>
Date: Thu, 09 Sep 2021 11:21:02 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258384

            Bug ID: 258384
           Summary: pam_ssh.so.6 reporting undefined symbol
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: madpilot@FreeBSD.org

Hi,

I am trying to update my system to latest head (commit
4ccbbe5f0689513de4399d6dad43e85d97ad9cde) and upon updating the system I'm
seeing a new issue.

I use pam_ssh when logging in via display manager (lightdm) to login using the
ssh key phrase and automatically load the ssh key:

(from /etc/pam.d/xdm, included by light pam.d file)

auth            sufficient      pam_ssh.so              no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

After updating I get this error:

Sep  9 10:27:56 tommy lightdm[1362]: in try_dlopen(): /usr/lib/pam_ssh.so.6:
/usr/lib/libprivatessh.so.5: Undefined symbol "sshsk_sign"
Sep  9 10:27:56 tommy lightdm[1362]: in openpam_load_module(): no pam_ssh.so
found

Looks like pam_ssh is somehow trying to call a function not available, due to
our openssh being compiled without U2F support.

I noticed that some ifdefs where added [1] and then removed [2] upstream. I
tried adding back the ifdefs in [1] but it is not making any difference.

Unluckily I don't know how this actually works in code and am failing to
identify the code path which is causing pam_ssh to call the undefined function.
(still trying)

In the while I thought I'd report the issue.

If any further info is necessary please ask.



[1]
https://github.com/openssh/openssh-portable/commit/1e0b248d47c96be944868a735553af8482300a07

[2]
https://github.com/openssh/openssh-portable/commit/9244990ecdcfa36bb9371058111685b05f201c1e

-- 
You are receiving this mail because:
You are the assignee for the bug.