Re: Bug#156257: ITP: libpam-ssh -- SSH key authentication and single sign-on via PAM
On Sun, 11 Aug 2002 06:59:29 +0200, Russell Coker <firstname.lastname@example.org> said:
> With such a PAM module installed anyone who can write to your home directory
> can change your password.
The module provides only PAM auth and session components, so they can't
literally change your password. Yes, if they can write to your ~/.ssh
directory they'll be able to authenticate as you for any program which uses
the pam_ssh.so auth scheme, but if they can do that they can already log in
as you (by putting their key into your ~/.ssh directory) and connecting
Of course, installing the module won't turn it on for any PAM clients.
The admin will choose how they want to use it.