[Freeipa-users] Ghost ipaSshPubKey in sss_ssh_authorizedkeys or 'Error looking up public keys'

Martin Štefany martin at stefany.eu
Sun Jul 17 21:21:34 UTC 2016


On So, 2016-07-16 at 15:37 +0200, Lukas Slebodnik wrote:
> On (16/07/16 10:19), Martin Štefany wrote:
> > 
> > Hello Sumit,
> > 
> > seems that upgrade to F24 broke things again. This time no AVCs, empty SSSD
> > logs, but same problem: 'Error looking up public keys'.
> > 
> > selinux-policy-3.13.1-191.fc24.3.noarch
> > selinux-policy-targeted-3.13.1-191.fc24.3.noarch
> > sssd-1.13.4-3.fc24.x86_64
> > 
> Fedora 23 and Fedora 24 have the same version of sssd
> and almost the same version of openssh.
> I have no idea what could have broken it if there are not any AVCs.
> 
> > 
> > Using debug_level 0x0250 ::
> > 
> For troubleshooting, it would be better to see all
> debug messages. (debug_level = 0xfff0)

Hello Lukas,

thanks for replying on this, here are debug_level = 0xfff0 messages

(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [get_client_cred] (0x4000): Client creds:
euid[1293400001] egid[1293400001] pid[15966].
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [reset_idle_timer] (0x4000): Idle timer
re-set for client [0x5617ca096280][18]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [accept_fd_handler] (0x0400): Client
connected!
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [reset_idle_timer] (0x4000): Idle timer
re-set for client [0x5617ca096280][18]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Received
client version [0].
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_cmd_get_version] (0x0200): Offered
version [0].
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [reset_idle_timer] (0x4000): Idle timer
re-set for client [0x5617ca096280][18]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [reset_idle_timer] (0x4000): Idle timer
re-set for client [0x5617ca096280][18]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ssh_cmd_parse_request] (0x0400):
Requested domain [<ALL>]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ssh_cmd_parse_request] (0x0400): Parsing
name [martin][<ALL>]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_parse_name_for_domains] (0x0200):
name 'martin' matched without domain, user is martin
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_ssh_cmd_get_user_pubkeys] (0x0400):
Requesting SSH user public keys for [martin] from [<ALL>]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_dp_issue_request] (0x0400): Issuing
request for [0x5617c96301a0:1:martin at stefany.eu]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_dp_get_account_msg] (0x0400):
Creating request for [stefany.eu][0x1][BE_REQ_USER][1][name=martin]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sbus_add_timeout] (0x2000):
0x5617ca09bb60
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_dp_internal_get_send] (0x0400):
Entering request [0x5617c96301a0:1:martin at stefany.eu]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sbus_remove_timeout] (0x2000):
0x5617ca09bb60
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sbus_dispatch] (0x4000): dbus conn:
0x5617ca09a300
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sbus_dispatch] (0x4000): Dispatching.
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_dp_get_reply] (0x1000): Got reply
from Data Provider - DP error code: 0 errno: 0 error message: Success
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ssh_user_pubkeys_search_next] (0x0400):
Requesting SSH user public keys for [martin at stefany.eu]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ldb] (0x4000): Added timed event
"ltdb_callback": 0x5617ca0a4370
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ldb] (0x4000): Added timed event
"ltdb_timeout": 0x5617ca0a4430
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ldb] (0x4000): Running timer event
0x5617ca0a4370 "ltdb_callback"
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ldb] (0x4000): Destroying timer event
0x5617ca0a4430 "ltdb_timeout"
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ldb] (0x4000): Ending timer event
0x5617ca0a4370 "ltdb_callback"
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [decode_and_add_base64_data] (0x4000):
Mssing element, nothing to do.
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [decode_and_add_base64_data] (0x4000):
Mssing element, nothing to do.
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [cert_to_ssh_key] (0x0020):
CERT_VerifyCertificateNow failed [-8179].
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [decode_and_add_base64_data] (0x0040):
cert_to_ssh_key failed.
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ssh_cmd_build_reply] (0x0040):
decode_and_add_base64_data failed.
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ssh_cmd_done] (0x0020): Fatal error,
killing connection!
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [client_destructor] (0x2000): Terminated
client [0x5617ca096280][18]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_dp_req_destructor] (0x0400):
Deleting request: [0x5617c96301a0:1:martin at stefany.eu]

> > 
> > $ /usr/bin/sss_ssh_authorizedkeys martin
> > Error looking up public keys
> > 
> And try to run strace with sss_ssh_authorizedkeys
> 
> LS

Martin
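
Added example (not part of the original message and not SSSD project code): a small triage script for the kind of log shown above. It rejoins the mail-wrapped lines, pulls out the failure chain, and shows which records each debug_level mask from this thread would log. It assumes the bit-mask meaning of debug_level documented in sssd.conf(5); the function names are hypothetical.

```python
import re

# Assumption: SSSD logs a message only if its level bit is set in debug_level.
FAILURE_BITS = 0x0010 | 0x0020 | 0x0040 | 0x0080  # fatal, critical, serious, minor

# Lines excerpted from the log in this message, mail wrapping preserved.
SAMPLE = """\
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [sss_ssh_cmd_get_user_pubkeys] (0x0400):
Requesting SSH user public keys for [martin] from [<ALL>]
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [decode_and_add_base64_data] (0x4000):
Mssing element, nothing to do.
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [cert_to_ssh_key] (0x0020):
CERT_VerifyCertificateNow failed [-8179].
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [decode_and_add_base64_data] (0x0040):
cert_to_ssh_key failed.
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ssh_cmd_build_reply] (0x0040):
decode_and_add_base64_data failed.
(Sun Jul 17 23:17:34 2016) [sssd[ssh]] [ssh_cmd_done] (0x0020): Fatal error,
killing connection!
"""

HEADER = re.compile(r"^\((?P<ts>[^)]+)\) \[(?P<svc>sssd\[[^\]]*\])\] "
                    r"\[(?P<func>[^\]]+)\] \((?P<level>0x[0-9a-fA-F]+)\): ?(?P<msg>.*)$")

def parse(text):
    """Rejoin mail-wrapped continuation lines and return one dict per log record."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            rec = m.groupdict()
            rec["level"] = int(rec["level"], 16)
            records.append(rec)
        elif records and line.strip():
            records[-1]["msg"] = (records[-1]["msg"] + " " + line.strip()).strip()
    return records

def visible(records, debug_level):
    """Records that would be written with this debug_level bit mask."""
    return [r for r in records if r["level"] & debug_level]

def failure_chain(records):
    """Failure-level records in log order, as (function, message) pairs."""
    return [(r["func"], r["msg"]) for r in records if r["level"] & FAILURE_BITS]

if __name__ == "__main__":
    for func, msg in failure_chain(parse(SAMPLE)):
        print(f"{func}: {msg}")
```

Under mask 0x0250 only the two 0x0040 records pass, so the root-cause line from cert_to_ssh_key (level 0x0020) appears only with a wider mask such as 0xfff0. In NSS, error -8179 is SEC_ERROR_UNKNOWN_ISSUER.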



