suse man page for pam_ssh

Suse Man Pages All Man Pages Latest Topics Forum Categories

Query: pam_ssh

OS: suse

Section: 8

Format: Original Unix Latex Style Formatted with HTML and a Horizontal Scroll Bar

PAM_SSH(8)						    BSD System Manager's Manual 						PAM_SSH(8)


NAME

     pam_ssh -- authentication and session management with SSH private keys


SYNOPSIS

     [service-name] module-type control-flag pam_ssh [options]


DESCRIPTION

     The SSH authentication service module for PAM, pam_ssh provides functionality for two PAM categories: authentication and session management.
     In terms of the module-type parameter, they are the ``auth'' and ``session'' features.  It also provides null functions for the remaining
     categories.

   SSH Authentication Module
     The SSH authentication component provides a function to verify the identity of a user (pam_sm_authenticate()), by prompting the user for a
     passphrase and verifying that it can decrypt the target user's SSH key using that passphrase.

     The following options may be passed to the authentication module:

     debug	     syslog(3) debugging information at LOG_DEBUG level.

     use_first_pass  If the authentication module is not the first in the stack, and a previous module obtained the user's password, that password
		     is used to authenticate the user.	If this fails, the authentication module returns failure without prompting the user for a
		     password.	This option has no effect if the authentication module is the first in the stack, or if no previous modules
		     obtained the user's password.

     try_first_pass  This option is similar to the use_first_pass option, except that if the previously obtained password fails, the user is
		     prompted for another password.

     keyfiles	     Specify the comma-separated list of files in $HOME/.ssh to check for SSH keys.  The default is ``id_dsa,id_rsa,identity''.

     nullok	     Allow empty passphrases.

   SSH Session Management Module
     The SSH session management component provides functions to initiate (pam_sm_open_session()) and terminate (pam_sm_close_session()) sessions.
     The pam_sm_open_session() function starts an SSH agent, passing it any private keys it decrypted during the authentication phase, and sets
     the environment variables the agent specifies.  The pam_sm_close_session() function kills the previously started SSH agent by sending it a
     SIGTERM.

     The following options may be passed to the session management module:

     debug	     syslog(3) debugging information at LOG_DEBUG level.


FILES

     $HOME/.ssh/identity   SSH1/OpenSSH RSA key
     $HOME/.ssh/id_dsa	   OpenSSH DSA key
     $HOME/.ssh2/id_rsa_*  SSH2 RSA keys
     $HOME/.ssh2/id_dsa_*  SSH2 DSA keys


SEE ALSO

     ssh-agent(1), syslog(3), pam.conf(5), pam(8)


AUTHORS

     Andrew J. Korty <ajk@iu.edu> wrote pam_ssh.  Dag-Erling Smorgrav wrote the original OpenPAM support code.	Mark R V Murray wrote the original
     version of this manual page.


BSD
								 November 26, 2001							       BSD
Related Man Pages
ssh-add(1) - redhat
pam_ksu(8) - netbsd
pam_ssh(8) - freebsd
pam_krb5(8) - freebsd
pam_ksu(8) - freebsd
Similar Topics in the Unix Linux Community
SSH Help
SSH with no password
SSH Keys Authentication keeps asking for password
Perl SSH without a perl module
[SSH-RSA] Still prompting for password after generating keys