

SuSE 11.3 - man page for pam_ssh (suse section 8)



PAM_SSH(8)			   BSD System Manager's Manual			       PAM_SSH(8)

NAME
     pam_ssh -- authentication and session management with SSH private keys

SYNOPSIS
     [service-name] module-type control-flag pam_ssh [options]

DESCRIPTION
     The SSH authentication service module for PAM, pam_ssh provides functionality for two PAM
     categories: authentication and session management.  In terms of the module-type parameter,
     they are the ``auth'' and ``session'' features.  It also provides null functions for the
     remaining categories.

   SSH Authentication Module
     The SSH authentication component provides a function to verify the identity of a user
     (pam_sm_authenticate()), by prompting the user for a passphrase and verifying that it can
     decrypt the target user's SSH key using that passphrase.

     The following options may be passed to the authentication module:

     debug	     syslog(3) debugging information at LOG_DEBUG level.

     use_first_pass  If the authentication module is not the first in the stack, and a previous
                     module obtained the user's password, that password is used to authenticate
                     the user.  If this fails, the authentication module returns failure without
                     prompting the user for a password.  This option has no effect if the
                     authentication module is the first in the stack, or if no previous modules
                     obtained the user's password.

     try_first_pass  This option is similar to the use_first_pass option, except that if the
                     previously obtained password fails, the user is prompted for another password.

     keyfiles	     Specify the comma-separated list of files in $HOME/.ssh to check for SSH
		     keys.  The default is ``id_dsa,id_rsa,identity''.

     nullok	     Allow empty passphrases.
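
     The following is an added example, not part of pam_ssh or of the original manual page: a
     Python check that parses PAM rules in the SYNOPSIS format and reports pam_ssh auth rules
     that set nullok, or that set use_first_pass while first in the stack.  The function names
     and the sample configuration are constructed for illustration.

```python
import os

MODULE_TYPES = {"auth", "account", "password", "session"}

def parse_pam_line(line):
    """Return (service, type, control, module, options) for one rule, else None."""
    tokens = line.split("#", 1)[0].split()
    if not tokens or tokens[0].startswith("@"):      # blank, comment, @include
        return None
    service = None
    if tokens[0].lstrip("-") not in MODULE_TYPES:    # pam.conf style: service-name first
        service, tokens = tokens[0], tokens[1:]
    if len(tokens) < 3:
        return None
    mtype, rest = tokens[0].lstrip("-"), tokens[1:]
    end = 0
    if rest[0].startswith("["):                      # bracketed [value=action ...] control
        end = next((i for i, t in enumerate(rest) if t.endswith("]")), len(rest) - 1)
    control, rest = " ".join(rest[:end + 1]), rest[end + 1:]
    if not rest:
        return None
    return service, mtype, control, os.path.basename(rest[0]), rest[1:]

def audit_pam_ssh(text):
    """List (line number, finding) pairs for pam_ssh auth rules in a PAM config."""
    findings, auth_seen = [], set()
    for lineno, line in enumerate(text.splitlines(), 1):
        rule = parse_pam_line(line)
        if rule is None or rule[1] != "auth":
            continue
        service, _mtype, _control, module, options = rule
        if module.split(".")[0] == "pam_ssh":
            if "nullok" in options:
                findings.append((lineno, "nullok: empty passphrases allowed"))
            if "use_first_pass" in options and service not in auth_seen:
                findings.append((lineno, "use_first_pass: first in stack, no effect"))
        auth_seen.add(service)   # any earlier auth rule (even an include) counts
    return findings

# Constructed sample in /etc/pam.d style (no service-name column).
SAMPLE = """\
auth  sufficient  pam_ssh.so  use_first_pass nullok
auth  required    pam_unix.so
auth  sufficient  pam_ssh.so  try_first_pass
"""

if __name__ == "__main__":
    for lineno, finding in audit_pam_ssh(SAMPLE):
        print(f"line {lineno}: {finding}")
```

     The check reads a single configuration text and does not follow include rules into other
     files; an include that precedes pam_ssh is treated as an earlier auth rule.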

   SSH Session Management Module
     The SSH session management component provides functions to initiate (pam_sm_open_session())
     and terminate (pam_sm_close_session()) sessions.  The pam_sm_open_session() function starts
     an SSH agent, passing it any private keys it decrypted during the authentication phase, and
     sets the environment variables the agent specifies.  The pam_sm_close_session() function
     kills the previously started SSH agent by sending it a SIGTERM.

     The following options may be passed to the session management module:

     debug	     syslog(3) debugging information at LOG_DEBUG level.

FILES
     $HOME/.ssh/identity   SSH1/OpenSSH RSA key
     $HOME/.ssh/id_dsa	   OpenSSH DSA key
     $HOME/.ssh2/id_rsa_*  SSH2 RSA keys
     $HOME/.ssh2/id_dsa_*  SSH2 DSA keys

SEE ALSO
     ssh-agent(1), syslog(3), pam.conf(5), pam(8)

AUTHORS
     Andrew J. Korty <ajk@iu.edu> wrote pam_ssh.  Dag-Erling Smorgrav wrote the original OpenPAM
     support code.  Mark R V Murray wrote the original version of this manual page.

BSD					November 26, 2001				      BSD