This PAM module provides single sign-on behavior for SSH. The user types an SSH passphrase when logging in (probably to GDM, KDM, or XDM) and is authenticated if the passphrase successfully decrypts the user’s SSH private key. In the PAM session phase, an ssh-agent process is started and keys are added. For the entire session, the user can SSH to other hosts that accept key authentication without typing any passwords.

So, I spend lot of time searching for issue, why pam_ssh-1.98 doesn’t work with sudo.
There are few things I noticed:

  • You can’t use sudo -s, because it needs root ENVironemnt, which is available only with sudo -i
  • you can’t set sudo without password in /etc/sudoers, otherwise it’ll not work
  • you have to use >=pam_ssh-2.0 (available now in ::ixit overlay
  • all other things should work out-of-box

Why use it?

  • After login, you have auto-magically running ssh-agent
  • When you have own overlay, between syncing emerge –sync or layman -S, it’ll not ask you password

USE="pam_ssh" emerge -v1 pambase

Have fun and don’t forget >=pam_ssh-2.0

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>