[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys


On 16/08/12 08:40, Neil Williams wrote:
On Thu, 16 Aug 2012 03:01:33 +0200
Jerome Benoit<g6299304p@rezozer.net>  wrote:

Package: wnpp
Severity: wishlist
Owner: Jerome Benoit<g6299304p@rezozer.net>

* Package name    : libpam-ssh
   Version         : 1.97
   Upstream Author : Akorty Rosenauer
* URL             : http://pam-ssh.sourceforge.net/
* License         : BSD
   Programming Lang: C
   Description     : Authenticate using SSH keys

This PAM module provides single sign-on behavior for SSH.
The user types an SSH passphrase when logging in and is
authenticated if the passphrase successfully decrypts the
user's SSH private key. In the PAM session phase, an ssh-agent
process is started and keys are added. For the entire session,
the user can SSH to other hosts that accept key authentication
without typing any passwords.

Is this about using removable media to store the SSH private key to
login to machines which only have the public key?

NO !

That would be useful
(but isn't that covered by existing PAM support?) Is this some form of
hot-desking support?

If not, why is this better than a user having a different password for
login and for the SSH key? Why tie login to one of my SSH private keys?

Let say that I used it to launch ssh-agent when I login (from console or desktop).

The homepage doesn't make this clear, it sounds like the module just
maps the user login via a graphical desktop manager to a particular SSH
key the private key for which has to live on the system behind the login
anyway. What's the point?

I am agree that the descriptions on the homepage and within the Debian package are confusing:
I will try to improve this part as well.


Reply to: