The multiple invocations fix release

This release brings one bug fix where we would attempt to initialise logging twice if the plugin is invoked twice. This would cause the second attempt to invoke the plugin to silently fail.

The release also includes some special behaviour inherited from pam_ssh_agent_auth where authentication would succeed if the calling service is sshd and the environment variable SSH_AUTH_INFO_0 contains a public key matching one of the public keys this plugin is configured with. See the new section in README.md for additional detail.

The authorized_keys_command release

This release integrates the work of @PaulSD to the optional authorized_keys_command that can be used to specify an external program that can be invoked to obtain public keys used for authentication. If you operate pam-ssh-agent in a context where this in use, please test and raise any issues.

This is exciting because it marks the home stretch of providing the complete feature set of pam_ssh_agent_auth, with support for the authorized_keys_command being the last major feature that was previously missing.

Binary packages will be built for Ubuntu 24.04, Fedora and EPEL shortly after this is released. See the links in README.md for details on how to use them.

The rpm build release

This is a tiny release, the only difference that goes in is that the test cases in verify.rs now avoids using the base64-literal crate. It is a good idea, but since it doesn't exist in the RPM Rust ecosystem, lets get rid of it to simplify building in copr.

The ssh cert fix release

This release fixes

What's Changed

• Fixes the issue where authentication would fail when the ssh agent is configured with ssh certificates
• Introduces a feature that optionally uses openssl for cryptographic operations instead of the pure rust versions

Full Changelog: v0.9.0...v0.9.1

v0.9.0

What's Changed

This release brought in some rpm build functionality contributed by @pbiering

New Contributors

• @pbiering made their first contribution in #25

Full Changelog: v0.5.1...v0.9.0

v0.5.1

This is a small release to add the default_ssh_auth_sock PAM parameter. Plese let me know if you are interested in me building and publishing binaries for this release.

0.5.0

Another small release, mainly to bring support for sk-ecdsa keys.

Also, thanks to a contribution from @jac-cbi an ssh-agent failure is no longer considered a fatal authentication failure. This means that if a hardware backed key is not present on the system running ssh-agent, all the other available keys will be tried as well, making it possible to fall back to some other key in that case.

0.4.0

With this new release, dsa keys are properly supported as well as sk-ed25519 key pairs
backed by FIDO2 hardware.

Initial public release

v0.3.0

Update docs, bump version to 0.3.0