This PAM module provides single sign-on behavior for SSH. The user types an SSH passphrase when logging in (probably to GDM, KDM, or XDM) and is authenticated if the passphrase successfully decrypts the user's SSH private key. In the PAM session phase, an ssh-agent process is started and keys are added. For the entire session, the user can SSH to other hosts that accept key authentication without typing any passwords.
Visit the SourceForge project page to download the latest release.
Here's a sample PAM configuration file that employs pam_ssh
.
You could use it just for one service (e.g., install
it as /etc/pam.d/xdm
), but I usually install it as
system-auth-ssh
and use it for multiple services with
pam_stack
.
See the Linux-PAM page for more information on PAM.