Re: For those who care about pam-ssh: RFC
2008/12/16 Jens Peter Secher <jps@debian.org>:
> That is intentional to make it harder to tell the difference between
> which users exist and which do not.
(I know, it was just to point out the fact that pam-ssh is actually running)
> Using option 'try_first_pass' does not make any difference when no
> previous module has asked for a password.
Mmm, it makes the module ask for the unlock password only if it finds
the ssh key (if I take it away, I'm asked for the ssh password, but it
still doesn't work, because it doesn't find the key anyway)
>> auth optional pam_gnome_keyring.so
>
> Ahh, Gnome Keyring.
I commented it out, no difference...
> working. If you find something that is not working in such a basic
> environment, you should try to add the 'debug' option to pam_ssh and
> watch /var/log/auth.log.
This is a snippet from auth.log
Dec 16 00:30:21 glenda pam_ssh[6179]: debug1: Authentication debugging.
Dec 16 00:30:21 glenda pam_ssh[6179]: debug1: Looking for SSH login keys in /home/luca/.ssh/login-keys.d/.
Dec 16 00:30:21 glenda pam_ssh[6179]: debug1: No SSH login keys found.
Dec 16 00:30:21 glenda pam_ssh[6179]: debug1: Grabbing password from preceding auth module.
I tried copying the key into .ssh/login-keys.d instead of linking it, and I
tried, just for testing, making both the dir and the key
world-readable, but no difference.
I can't really see what I'm doing wrong...
luca
P.S.
I keep sending private mails by mistake, sorry...