Quick question: Does it require a reboot to take effect after installation? #26

Description

@beyondbill

I want to install pam_ssh_agent_auth in Fedora CoreOS. The installation succeeded with a reminder to reboot though.

[core@ip-10-10-8-158 pam_ssh_agent_auth-0.10.3]$ sudo rpm-ostree install pam_ssh_agent_auth
Checking out tree 6df95bd... done
Enabled rpm-md repositories: fedora-cisco-openh264 updates fedora
Updating metadata for 'fedora-cisco-openh264'... done
rpm-md repo 'fedora-cisco-openh264'; generated: 2020-03-17T20:10:45Z
Updating metadata for 'updates'... done
rpm-md repo 'updates'; generated: 2020-07-22T00:57:28Z
Updating metadata for 'fedora'... done
rpm-md repo 'fedora'; generated: 2020-04-22T22:22:36Z
Importing rpm-md... done
Resolving dependencies... done
Will download: 1 package (157.7 kB)
Downloading from 'updates'... done
Importing packages... done
Checking out packages... done
Running pre scripts... done
Running post scripts... done
Running posttrans scripts... done
Writing rpmdb... done
Writing OSTree commit... done
Staging deployment... done
Added:
  pam_ssh_agent_auth-0.10.3-10.3.fc32.x86_64
Run "systemctl reboot" to start a reboot

I would totally get the need to restart sshd. But is rebooting the server truly necessary for pam_ssh_agent_auth to take effect? If possible, I want to avoid such a reboot. Here are the Ansible tasks related to how pam_ssh_agent_auth is used in my case.

- name: Copy over authorized_keys file for sudo access
  copy:
    src:  "{{ base_ami_config.authorized_keys_path | default('authorized_keys') }}"
    dest: /etc/security/authorized_keys
    owner: root
    group: root
    mode: 0600
- name: Set up pam_ssh_agent_auth for sudo authorization
  lineinfile:
    path: /etc/pam.d/sudo
    line: 'auth    sufficient pam_ssh_agent_auth.so file=/etc/security/authorized_keys'
    insertbefore: BOF
- name: Keep SSH_AUTH_SOCK in sudo to verify private key in SSH agent
  lineinfile:
    path: /etc/sudoers
    line: 'Defaults    env_keep += "SSH_AUTH_SOCK"'
    insertafter: '^Defaults\s+env_keep\s*=.*'
