[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys

On Thu, 16 Aug 2012 03:01:33 +0200
Jerome Benoit <g6299304p@rezozer.net> wrote:

> Package: wnpp
> Severity: wishlist
> Owner: Jerome Benoit <g6299304p@rezozer.net>
> * Package name    : libpam-ssh
>   Version         : 1.97
>   Upstream Author : Akorty Rosenauer
> * URL             : http://pam-ssh.sourceforge.net/
> * License         : BSD
>   Programming Lang: C
>   Description     : Authenticate using SSH keys
> This PAM module provides single sign-on behavior for SSH.
> The user types an SSH passphrase when logging in and is
> authenticated if the passphrase successfully decrypts the
> user's SSH private key. In the PAM session phase, an ssh-agent
> process is started and keys are added. For the entire session,
> the user can SSH to other hosts that accept key authentication
> without typing any passwords.

Is this about using removable media to store the SSH private key to
login to machines which only have the public key? That would be useful
(but isn't that covered by existing PAM support?) Is this some form of
hot-desking support?

If not, why is this better than a user having a different password for
login and for the SSH key? Why tie login to one of my SSH private keys?

The homepage doesn't make this clear, it sounds like the module just
maps the user login via a graphical desktop manager to a particular SSH
key the private key for which has to live on the system behind the login
anyway. What's the point?


Neil Williams

Attachment: pgpr_Kgc52HFY.pgp
Description: PGP signature

Reply to: