
Re: For those who care about pam-ssh: RFC



2008/12/16 Jens Peter Secher <jps@debian.org>:
> That is intentional to make it harder to tell the difference between
> which users exist and which do not.

(I know, it was just to point out the fact that pam-ssh is actually running)

> Using option 'try_first_pass' does not make any difference when no
> previous module has asked for a password.

Mmm, it makes the module ask for the unlock password just if it finds
the ssh key (if I take it away, I'm asked for the ssh password, but it
still doesn't work, for it doesn't find the key anyway)

>> auth    optional        pam_gnome_keyring.so
>
> Ahh, Gnome Keyring.

I commented it out, no difference...

> working.  If you find something that is not working in such a basic
> environment, you should try to add the 'debug' option to pam_ssh and
> watch /var/log/auth.log.

This is a snippet from auth.log

Dec 16 00:30:21 glenda pam_ssh[6179]: debug1: Authentication debugging.
Dec 16 00:30:21 glenda pam_ssh[6179]: debug1: Looking for SSH login keys in /home/luca/.ssh/login-keys.d/.
Dec 16 00:30:21 glenda pam_ssh[6179]: debug1: No SSH login keys found.
Dec 16 00:30:21 glenda pam_ssh[6179]: debug1: Grabbing password from preceding auth module.

I tried copying the key into .ssh/login-keys.d instead of linking it, I
tried, just for testing, to make both the dir and the key
world-readable, but no difference.
I can't really see what I'm doing wrong...
luca
P.S.
I keep sending private mails by mistake, sorry...

