Gentoo Forums
using ssh-private-key password to log in & start ssh-ag
Mr. M
Tux's lil' helper

Joined: 18 Sep 2004
Posts: 89
Location: USA

Posted: Thu Oct 21, 2004 10:02 am    Post subject: using ssh-private-key password to log in & start ssh-ag

Hi

I found a very nice "trick" which allows me to use my ssh-private-key password to log into my system and start ssh-agent automatically (also from xdm). This way I only have to type in one password.

How to do it:

1.
Code:
emerge pam_ssh


2. Change your /etc/pam.d/system-auth so that it looks like this:
(third and last line added)
Code:

auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
auth       sufficient   /lib/security/pam_ssh.so
auth       required     /lib/security/pam_deny.so

account    required     /lib/security/pam_unix.so

password   required     /lib/security/pam_cracklib.so retry=3
password   sufficient   /lib/security/pam_unix.so nullok md5 shadow...
password   required     /lib/security/pam_deny.so

session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so
session    optional     /lib/security/pam_ssh.so


3. Log out and try logging in with your ssh-private-key password.

Of course you should not use this method if you don't use a password for your private key.
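
The caveat above depends on knowing which private keys actually carry a passphrase. One way to check, as an added example that is not part of the original post (the function names key_protection and audit_keys and the demo files are constructed for illustration):

```shell
#!/bin/sh
# Added example: report whether a private key file is passphrase-protected.
# Prints "encrypted", "unencrypted" or "unknown"; reads headers only.
key_protection() {
    first=$(sed -n '1p' "$1")
    case $first in
        '-----BEGIN OPENSSH PRIVATE KEY-----')
            # openssh-key-v1 body = magic, then the cipher name. The constant
            # below is base64 of "openssh-key-v1\0" + length 4 + "none".
            body=$(sed -n '2p' "$1")
            case $body in
                b3BlbnNzaC1rZXktdjEAAAAABG5vbmU*) echo unencrypted ;;
                b3BlbnNzaC1rZXktdjEA*)            echo encrypted ;;
                *)                                echo unknown ;;
            esac ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----') echo encrypted ;;    # PKCS#8
        '-----BEGIN PRIVATE KEY-----')           echo unencrypted ;;  # PKCS#8
        '-----BEGIN '*' PRIVATE KEY-----')
            # Legacy PEM (RSA/DSA/EC): encrypted keys carry a Proc-Type header.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
                echo encrypted
            else
                echo unencrypted
            fi ;;
        *) echo unknown ;;
    esac
}

# Print every unprotected key in a directory; return non-zero if any is found.
audit_keys() {
    found=0
    for f in "${1:-$HOME/.ssh}"/*; do
        [ -f "$f" ] || continue
        if [ "$(key_protection "$f")" = unencrypted ]; then
            echo "no passphrase: $f"
            found=1
        fi
    done
    return "$found"
}

# Demo on constructed files (headers only, no real key material).
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN DSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' > "$demo_dir/id_dsa"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'constructed-body' > "$demo_dir/id_rsa"
audit_keys "$demo_dir" || echo "set one with: ssh-keygen -p -f <keyfile>"
rm -rf "$demo_dir"
```

Called without an argument, audit_keys scans ~/.ssh; public keys and other files are reported as unknown and skipped.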

rojaro
l33t

Joined: 06 May 2002
Posts: 732

Posted: Thu Oct 21, 2004 11:03 pm    Post subject:

Nice tip, didn't know about that pam module ... thx :)
_________________
A mathematician is a machine for turning coffee into theorems. ~ Alfred Renyi (*1921 - †1970)

Palhoto
Tux's lil' helper

Joined: 27 Feb 2003
Posts: 102
Location: Iberian Peninsula

Posted: Tue Nov 02, 2004 4:52 pm    Post subject: Worked before recent "emerge world"

Hi,

Before I updated 80+ packages, this worked. I can login via my private key but ssh-agent doesn't seem to work now, "ssh <server>" asks for my dsa private key passphrase, which didn't happen before. The pam_ssh config file hasn't changed.

I don't usually keep track of my package updates, and being more than 80 packages that I emerged in the last two days, I'm not sure what package(s) caused this behaviour.

Does anyone else have the same problem? Solved it?

I really don't have time to dig into this right now. I can however post any configs/logs that you may think relevant for solving this problem. I just don't know where to start.

Thanks,

Tyger
n00b

Joined: 25 Jul 2004
Posts: 30
Location: Germany

Posted: Fri Nov 05, 2004 6:46 pm    Post subject: Re: Worked before recent "emerge world"

Palhoto wrote:

Does anyone else have the same problem? Solved it?


I had. I did.

After running 'emerge -auvD world' pam_ssh was broken. My /etc/pam.d/system-auth was overwritten with a standard file - I don't know if I was too stupid to check the list etc-update gave me or if /etc/pam.d/ isn't protected. After restoring system-auth (see first post above) everything works as before.

Cya, Ed
_________________
Join the adopt an unanswered question initiative now
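
The failure described above (system-auth replaced by a stock file during an update, silently dropping the pam_ssh lines from the first post) can be caught with a check like this. It is an added example, not part of the original posts; check_pam_ssh and sample_overwritten are constructed names, and it assumes the simple "type control module" line layout used in this thread.

```shell
#!/bin/sh
# Added example: audit a PAM stack for the two pam_ssh lines from this thread.
# Assumes the classic "type control module [args]" layout shown in the posts
# (one-word control flags). Prints findings; returns non-zero if there are any.
check_pam_ssh() {
    awk '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        { kind = $1; control = $2; module = $3
          sub(/.*\//, "", module) }              # keep only the module file name
        kind == "auth" && module == "pam_deny.so" && control ~ /^requi/ && !deny {
            deny = NR
        }
        kind == "auth" && module == "pam_ssh.so" {
            auth_seen = 1
            if (deny) {
                print "auth: pam_ssh.so comes after pam_deny.so, so it cannot grant a login"
                bad = 1
            }
        }
        kind == "session" && module == "pam_ssh.so" { session_seen = 1 }
        END {
            if (!auth_seen)    { print "auth: pam_ssh.so missing, key passphrase will not log in"; bad = 1 }
            if (!session_seen) { print "session: pam_ssh.so missing, ssh-agent will not be started"; bad = 1 }
            exit bad + 0
        }
    ' "${1:--}"
}

# Constructed sample: the stack from the first post with its pam_ssh lines gone,
# as after a config update replaces the file with the packaged default.
sample_overwritten() {
    cat <<'EOF'
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_unix.so likeauth nullok
auth       required     /lib/security/pam_deny.so
session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so
EOF
}

sample_overwritten | check_pam_ssh || echo "restore the pam_ssh lines before logging out"
```

Run it as check_pam_ssh /etc/pam.d/system-auth after each etc-update, while a root shell is still open.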

Palhoto
Tux's lil' helper

Joined: 27 Feb 2003
Posts: 102
Location: Iberian Peninsula

Posted: Sat Nov 06, 2004 2:19 am    Post subject: Re: Worked before recent "emerge world"

Tyger wrote:

After running 'emerge -auvD world' pam_ssh was broken. My /etc/pam.d/system-auth was overwritten with a standard file - I don't know if I was too stupid to check the list etc-update gave me or if /etc/pam.d/ isn't protected. After restoring system-auth (see first post above) everything works as before.


I thank you for your reply, though I had already checked that file and I referred to it in my previous post:
Palhoto wrote:

The pam_ssh config file hasn't changed.

Best regards,

Tyger
n00b

Joined: 25 Jul 2004
Posts: 30
Location: Germany

Posted: Sat Nov 06, 2004 11:23 am    Post subject:

Did you run 'revdep-rebuild' yet? Maybe a dependency is broken.

Cya, Ed
_________________
Join the adopt an unanswered question initiative now

Palhoto
Tux's lil' helper

Joined: 27 Feb 2003
Posts: 102
Location: Iberian Peninsula

Posted: Sat Nov 06, 2004 1:10 pm    Post subject:

Tyger wrote:
Did you run 'revdep-rebuild' yet? Maybe a dependency is broken.


No, I'll try it now. Post back when it is done. Thanks :).

Palhoto
Tux's lil' helper

Joined: 27 Feb 2003
Posts: 102
Location: Iberian Peninsula

Posted: Mon Nov 08, 2004 12:46 pm    Post subject:

Palhoto wrote:
Tyger wrote:
Did you run 'revdep-rebuild' yet? Maybe a dependency is broken.


No, I'll try it now. Post back when it is done. Thanks :).

I tried it but it generates an emerge command with the following error:
Code:
emerge: there are no ebuilds to satisfy "=kde-base/kdebase-3.2.1"

Some more days to figure out how to solve this.

Cya soon,

Palhoto
Tux's lil' helper

Joined: 27 Feb 2003
Posts: 102
Location: Iberian Peninsula

Posted: Thu Jun 16, 2005 1:07 am    Post subject:

Bump.

I now have kernel 2.6.9-gentoo-r11 , pam_ssh-1.9.

I can login locally with the private key password. But whenever I try to "ssh <some_machine>" in which I have a public key, I still get asked for my ssh private key password.

I changed the /etc/pam.d/system-auth file, so it would be just as the example file they provide.

Code:
auth       required     /lib/security/pam_env.so
auth       sufficient   /lib/security/pam_ssh.so
auth       sufficient   /lib/security/pam_unix.so use_first_pass likeauth nullok nodelay
auth       required     /lib/security/pam_deny.so

account    required     /lib/security/pam_unix.so

password   required     /lib/security/pam_cracklib.so retry=3
password   sufficient   /lib/security/pam_unix.so nullok md5 shadow use_authtok
password   required     /lib/security/pam_deny.so

session    required     /lib/security/pam_limits.so
session    required     /lib/security/pam_unix.so
session    optional     /lib/security/pam_ssh.so


This way I don't have to type a dummy password before I type the private key password (in text console mode), which used to be an annoyance.

Palhoto
Tux's lil' helper

Joined: 27 Feb 2003
Posts: 102
Location: Iberian Peninsula

Posted: Tue Jun 28, 2005 8:52 pm    Post subject: Finally!

Finally, I found the missing piece.

From https://forums.gentoo.org/viewtopic-p-2419914.html#2419914

Code:
emerge keychain

Then add the following to .bash_profile:

Code:
keychain ~/.ssh/id_dsa
. ~/.keychain/$HOSTNAME-sh

All times are GMT