Query: pam_ssh
OS: suse
Section: 8
Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar
PAM_SSH(8) BSD System Manager's Manual PAM_SSH(8)NAMEpam_ssh -- authentication and session management with SSH private keysSYNOPSIS[service-name] module-type control-flag pam_ssh [options]DESCRIPTIONThe SSH authentication service module for PAM, pam_ssh provides functionality for two PAM categories: authentication and session management. In terms of the module-type parameter, they are the ``auth'' and ``session'' features. It also provides null functions for the remaining categories. SSH Authentication Module The SSH authentication component provides a function to verify the identity of a user (pam_sm_authenticate()), by prompting the user for a passphrase and verifying that it can decrypt the target user's SSH key using that passphrase. The following options may be passed to the authentication module: debug syslog(3) debugging information at LOG_DEBUG level. use_first_pass If the authentication module is not the first in the stack, and a previous module obtained the user's password, that password is used to authenticate the user. If this fails, the authentication module returns failure without prompting the user for a password. This option has no effect if the authentication module is the first in the stack, or if no previous modules obtained the user's password. try_first_pass This option is similar to the use_first_pass option, except that if the previously obtained password fails, the user is prompted for another password. keyfiles Specify the comma-separated list of files in $HOME/.ssh to check for SSH keys. The default is ``id_dsa,id_rsa,identity''. nullok Allow empty passphrases. SSH Session Management Module The SSH session management component provides functions to initiate (pam_sm_open_session()) and terminate (pam_sm_close_session()) sessions. The pam_sm_open_session() function starts an SSH agent, passing it any private keys it decrypted during the authentication phase, and sets the environment variables the agent specifies. The pam_sm_close_session() function kills the previously started SSH agent by sending it a SIGTERM. The following options may be passed to the session management module: debug syslog(3) debugging information at LOG_DEBUG level.FILES$HOME/.ssh/identity SSH1/OpenSSH RSA key $HOME/.ssh/id_dsa OpenSSH DSA key $HOME/.ssh2/id_rsa_* SSH2 RSA keys $HOME/.ssh2/id_dsa_* SSH2 DSA keysSEE ALSOssh-agent(1), syslog(3), pam.conf(5), pam(8)AUTHORSAndrew J. Korty <ajk@iu.edu> wrote pam_ssh. Dag-Erling Smorgrav wrote the original OpenPAM support code. Mark R V Murray wrote the original version of this manual page.BSDNovember 26, 2001 BSD
Related Man Pages |
---|
ssh-agent(1) - redhat |
ssh-add(1) - suse |
pam_krb5(8) - netbsd |
ssh-add(1) - sunos |
pam_ksu(8) - freebsd |
Similar Topics in the Unix Linux Community |
---|
SSH - Prompting for password |
fg help |
[SSH-RSA] Still prompting for password after generating keys |
Sending password over SSH |
SSH password less setup asking for password |