Mr. M Tux's lil' helper


Joined: 18 Sep 2004 Posts: 89 Location: USA
Posted: Thu Oct 21, 2004 10:02 am Post subject: using ssh-private-key password to log in & start ssh-ag

Hi
I found a very nice "trick" which allows me to use my ssh-private-key password to log into my system and start ssh-agent automatically (also from xdm). This way I only have to type in one password.
How to do it:
1.
2. change your /etc/pam.d/system-auth so that it looks like this:
(third and last line added)
Code:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_unix.so likeauth nullok
auth sufficient /lib/security/pam_ssh.so
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok md5 shadow...
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ssh.so

3. log out and try logging in with your ssh-private-key password
Of course you should not use this method if you don't use a password for your private key.
rojaro l33t

Joined: 06 May 2002 Posts: 732
Posted: Thu Oct 21, 2004 11:03 pm Post subject:

Nice tip, didn't know about that pam module ... thx :)
_________________
A mathematician is a machine for turning coffee into theorems. ~ Alfred Renyi (*1921 - †1970)
Palhoto Tux's lil' helper

Joined: 27 Feb 2003 Posts: 103 Location: Iberian Peninsula
Posted: Tue Nov 02, 2004 4:52 pm Post subject: Worked before recent "emerge world"

Hi,
Before I updated 80+ packages, this worked. I can log in via my private key but ssh-agent doesn't seem to work now, "ssh <server>" asks for my dsa private key passphrase, which didn't happen before. The pam_ssh config file hasn't changed.
I don't usually keep track of my package updates, and being more than 80 packages that I emerged in the last two days, I'm not sure what package(s) caused this behaviour.
Does anyone else have the same problem? Solved it?
I really don't have time to dig into this right now. I can however post any configs/logs that you may think relevant for solving this problem. I just don't know where to start.
Thanks,
Tyger n00b


Joined: 25 Jul 2004 Posts: 30 Location: Germany
Posted: Fri Nov 05, 2004 6:46 pm Post subject: Re: Worked before recent "emerge world"

Palhoto wrote:
> Does anyone else have the same problem? Solved it?

I had. I did.
After running 'emerge -auvD world' pam_ssh was broken. My /etc/pam.d/system-auth was overwritten with a standard file - I don't know if I was too stupid to check the list etc-update gave me or if /etc/pam.d/ isn't protected. After restoring system-auth (see first post above) everything works as before.
Cya, Ed
_________________
Join the adopt an unanswered question initiative now
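
Added example, not part of any post in this thread: a shell check that a PAM service file still carries the pam_ssh auth and session lines from the first post, which is what went missing when system-auth was overwritten. The function names and the sample stack are constructed for illustration.

```shell
# Added example (constructed, not from the thread): audit a PAM service file
# for the pam_ssh entries that the first post adds to system-auth.

# Print the line number of the first active line of TYPE that loads MODULE.
pam_line() {  # usage: pam_line FILE TYPE MODULE
    awk -v type="$2" -v mod="$3" '
        /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
        {
            t = $1; sub(/^-/, "", t)          # a leading "-" on the type is legal
            if (t != type) next
            for (i = 3; i <= NF; i++) {       # module path follows the control field
                n = split($i, part, "/")
                if (part[n] == mod) { print NR; exit }
            }
        }' "$1"
}

# Print one line per problem; the return status is the number of problems.
check_pam_ssh() {
    file=$1 problems=0
    auth_ssh=$(pam_line "$file" auth pam_ssh.so)
    auth_deny=$(pam_line "$file" auth pam_deny.so)
    sess_ssh=$(pam_line "$file" session pam_ssh.so)
    if [ -z "$auth_ssh" ]; then
        echo "$file: no auth line for pam_ssh.so, key passphrase cannot log in"
        problems=$((problems + 1))
    elif [ -n "$auth_deny" ] && [ "$auth_ssh" -gt "$auth_deny" ]; then
        echo "$file: auth pam_ssh.so (line $auth_ssh) comes after pam_deny.so"
        problems=$((problems + 1))
    fi
    if [ -z "$sess_ssh" ]; then
        echo "$file: no session line for pam_ssh.so, pam_ssh will not start ssh-agent"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: the stack from the first post, abbreviated.
thread_config() {
    printf '%s\n' \
        'auth required /lib/security/pam_env.so' \
        'auth sufficient /lib/security/pam_unix.so likeauth nullok' \
        'auth sufficient /lib/security/pam_ssh.so' \
        'auth required /lib/security/pam_deny.so' \
        'session required /lib/security/pam_unix.so' \
        'session optional /lib/security/pam_ssh.so'
}

tmp=$(mktemp); thread_config | grep -v pam_ssh > "$tmp"   # same stack, pam_ssh lines lost
check_pam_ssh "$tmp" || echo "$? problem(s) found"; rm -f "$tmp"
```

On a real system, point `check_pam_ssh` at /etc/pam.d/system-auth after etc-update has merged configuration files.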
Palhoto Tux's lil' helper

Joined: 27 Feb 2003 Posts: 103 Location: Iberian Peninsula
Posted: Sat Nov 06, 2004 2:19 am Post subject: Re: Worked before recent "emerge world"

Tyger wrote:
> After running 'emerge -auvD world' pam_ssh was broken. My /etc/pam.d/system-auth was overwritten with a standard file - I don't know if I was too stupid to check the list etc-update gave me or if /etc/pam.d/ isn't protected. After restoring system-auth (see first post above) everything works as before.

I thank you for your reply, though I had already checked that file and I referred to it in my previous post:

Palhoto wrote:
> The pam_ssh config file hasn't changed.

Best regards,
Palhoto Tux's lil' helper

Joined: 27 Feb 2003 Posts: 103 Location: Iberian Peninsula
Posted: Sat Nov 06, 2004 1:10 pm Post subject:

Tyger wrote:
> Did you run 'revdep-rebuild' yet? Maybe a dependency is broken.

No, I'll try it now. Post back when it is done. Thanks.
Palhoto Tux's lil' helper

Joined: 27 Feb 2003 Posts: 103 Location: Iberian Peninsula
Posted: Mon Nov 08, 2004 12:46 pm Post subject:

Palhoto wrote:
> Tyger wrote:
> > Did you run 'revdep-rebuild' yet? Maybe a dependency is broken.
>
> No, I'll try it now. Post back when it is done. Thanks.

I tried it but it generates an emerge command with the following error:
Code:
emerge: there are no ebuilds to satisfy "=kde-base/kdebase-3.2.1"

Some more days to figure out how to solve this.
Cya soon,
Palhoto Tux's lil' helper

Joined: 27 Feb 2003 Posts: 103 Location: Iberian Peninsula
Posted: Thu Jun 16, 2005 1:07 am Post subject:

Bump.
I now have kernel 2.6.9-gentoo-r11, pam_ssh-1.9.
I can log in locally with the private key password. But whenever I try to "ssh <some_machine>" in which I have a public key, I still get asked for my ssh private key password.
I changed the /etc/pam.d/system-auth file, so it would be just as the example file they provide.
Code:
auth required /lib/security/pam_env.so
auth sufficient /lib/security/pam_ssh.so
auth sufficient /lib/security/pam_unix.so use_first_pass likeauth nullok nodelay
auth required /lib/security/pam_deny.so
account required /lib/security/pam_unix.so
password required /lib/security/pam_cracklib.so retry=3
password sufficient /lib/security/pam_unix.so nullok md5 shadow use_authtok
password required /lib/security/pam_deny.so
session required /lib/security/pam_limits.so
session required /lib/security/pam_unix.so
session optional /lib/security/pam_ssh.so

This way I don't have to type a dummy password before I type the private key password (in text console mode), which used to be an annoyance.