Bugzilla – Bug 772479
unable to su - to a user that has a SSH-key when pam_ssh is in use
Last modified: 2012-08-08 12:27:53 UTC
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1

I am unable to su - to a user that has an SSH key with a pass-phrase that is different from the account password (su - to an account that has an SSH key whose pass-phrase is identical to the account password works, su - to root where there is no SSH key also works)

#/etc/pam.d/common-auth-pc contains this line for pam_ssh:

    auth optional pam_ssh.so nullok

Reproducible: Always

Steps to Reproduce:
1. use pam_ssh
2. have a user that has an SSH key with pass-phrase different than the account password
3. normal users are unable to su - to them, only root can do that

Actual Results:

    ~> LANG=C su - amarok-devel
    Password:
    SSH passphrase:
    su: : Unknown error -2016755760

the error is different every time
Take a look at bug #730851. This looks like a problem with your pam settings. The pam_unix2 module takes the password passed from the previous module, so your ssh passphrase gets passed to pam_unix2 and the su fails. I suggest not using pam_ssh as an auth module. Try changing "auth" to "session" for pam_ssh in your settings.
A duplicate of bug 730851. *** This bug has been marked as a duplicate of bug 730851 ***
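The stacking problem described in the reply above can be checked for mechanically. The following is an added example, not part of the bug thread or of any PAM tooling: it parses a PAM stack and reports every auth-phase pam_ssh.so entry that is followed by pam_unix2.so. Only the pam_ssh line comes from the report; the rest of both sample stacks, and the function names, are constructed for illustration.

```python
import os

def parse_pam(text):
    """Return (lineno, type, control, module, args) for each rule line."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()
        if len(tokens) < 3 or tokens[0].startswith("@"):
            continue  # blank, comment, @include or malformed line
        mtype = tokens[0].lstrip("-")  # "-auth" means: ignore a missing module
        rest = tokens[1:]
        if rest[0].startswith("["):
            # Bracketed control such as [success=1 default=ignore] spans tokens.
            end = next((i for i, t in enumerate(rest) if t.endswith("]")), None)
            if end is None or end + 1 >= len(rest):
                continue
            control, rest = " ".join(rest[:end + 1]), rest[end + 1:]
        else:
            control, rest = rest[0], rest[1:]
        rules.append((lineno, mtype, control, os.path.basename(rest[0]), rest[1:]))
    return rules

def passphrase_handoffs(text):
    """Return (pam_ssh_line, pam_unix2_line) pairs found in the auth stack."""
    auth = [r for r in parse_pam(text) if r[1] == "auth"]
    hits = []
    for i, rule in enumerate(auth):
        if rule[3] == "pam_ssh.so":
            hits += [(rule[0], later[0]) for later in auth[i + 1:]
                     if later[3] == "pam_unix2.so"]
    return hits

# Constructed stack; only the pam_ssh line is taken from the report.
BEFORE = """\
# sample common-auth stack (constructed)
auth  required  pam_env.so
auth  optional  pam_ssh.so nullok
auth  required  pam_unix2.so
"""

# Constructed stack after applying the change suggested in the reply.
AFTER = """\
auth     required  pam_env.so
auth     required  pam_unix2.so
session  optional  pam_ssh.so
"""

if __name__ == "__main__":
    print("before:", passphrase_handoffs(BEFORE))
    print("after: ", passphrase_handoffs(AFTER))
```
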