Re: Bug#685042: ITP: libpam-ssh -- Authenticate using SSH keys

[Jerome BENOIT <g6299304p@rezozer.net>]

Hello:

On 16/08/12 08:40, Neil Williams wrote:
> On Thu, 16 Aug 2012 03:01:33 +0200
> Jerome Benoit<g6299304p@rezozer.net>  wrote:
>
> > Package: wnpp
> > Severity: wishlist
> > Owner: Jerome Benoit<g6299304p@rezozer.net>
> >
> > * Package name    : libpam-ssh
> >    Version         : 1.97
> >    Upstream Author : Akorty Rosenauer
> > * URL             : http://pam-ssh.sourceforge.net/
> > * License         : BSD
> >    Programming Lang: C
> >    Description     : Authenticate using SSH keys
> >
> > This PAM module provides single sign-on behavior for SSH.
> > The user types an SSH passphrase when logging in and is
> > authenticated if the passphrase successfully decrypts the
> > user's SSH private key. In the PAM session phase, an ssh-agent
> > process is started and keys are added. For the entire session,
> > the user can SSH to other hosts that accept key authentication
> > without typing any passwords.
>
> Is this about using removable media to store the SSH private key to
> login to machines which only have the public key?

NO !

That would be useful
> (but isn't that covered by existing PAM support?) Is this some form of
> hot-desking support?
>
> If not, why is this better than a user having a different password for
> login and for the SSH key? Why tie login to one of my SSH private keys?

Let say that I used it to launch ssh-agent when I login (from console or desktop).

> The homepage doesn't make this clear, it sounds like the module just
> maps the user login via a graphical desktop manager to a particular SSH
> key the private key for which has to live on the system behind the login
> anyway. What's the point?

I am agree that the descriptions on the homepage and within the Debian package are confusing:
I will try to improve this part as well.


Thanks,
Jerome
 


>