Re: Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys
On 16/08/12 08:40, Neil Williams wrote:
On Thu, 16 Aug 2012 03:01:33 +0200
Jerome Benoit<email@example.com> wrote:
Owner: Jerome Benoit<firstname.lastname@example.org>
* Package name : libpam-ssh
Version : 1.97
Upstream Author : Akorty Rosenauer
* URL : http://pam-ssh.sourceforge.net/
* License : BSD
Programming Lang: C
Description : Authenticate using SSH keys
This PAM module provides single sign-on behavior for SSH.
The user types an SSH passphrase when logging in and is
authenticated if the passphrase successfully decrypts the
user's SSH private key. In the PAM session phase, an ssh-agent
process is started and keys are added. For the entire session,
the user can SSH to other hosts that accept key authentication
without typing any passwords.
Is this about using removable media to store the SSH private key to
login to machines which only have the public key?
That would be useful
(but isn't that covered by existing PAM support?) Is this some form of
If not, why is this better than a user having a different password for
login and for the SSH key? Why tie login to one of my SSH private keys?
Let say that I used it to launch ssh-agent when I login (from console or desktop).
The homepage doesn't make this clear, it sounds like the module just
maps the user login via a graphical desktop manager to a particular SSH
key the private key for which has to live on the system behind the login
anyway. What's the point?
I am agree that the descriptions on the homepage and within the Debian package are confusing:
I will try to improve this part as well.