pam_ssh

This PAM module provides single sign-on behavior for SSH. The user types an SSH passphrase when logging in (probably to GDM, KDM, or XDM) and is authenticated if the passphrase successfully decrypts the user's SSH private key. In the PAM session phase, an ssh-agent process is started and keys are added. For the entire session, the user can SSH to other hosts that accept key authentication without typing any passwords.

Visit the SourceForge project page to download the latest release.

Here's a sample PAM configuration file that employs pam_ssh. You could use it just for one service (e.g., install it as /etc/pam.d/xdm), but I usually install it as system-auth-ssh and use it for multiple services with pam_stack.

    #%PAM-1.0
    auth       required     /lib/security/pam_env.so
    auth       sufficient   /lib/security/pam_ssh.so
    auth       sufficient   /lib/security/pam_unix.so try_first_pass likeauth nullok
    auth       required     /lib/security/pam_deny.so

    account    required     /lib/security/pam_unix.so

    password   required     /lib/security/pam_cracklib.so retry=3
    password   sufficient   /lib/security/pam_unix.so nullok md5 shadow use_authtok
    password   required     /lib/security/pam_deny.so

    session    required     /lib/security/pam_limits.so
    session    sufficient   /lib/security/pam_ssh.so
    session    required     /lib/security/pam_unix.so
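
The control flags in the sample configuration decide which modules are consulted for each login outcome. The following is an added example, not code from pam_ssh or from the original page: it walks the auth and session lines through a simplified model of Linux-PAM's required/requisite/sufficient handling. The names parse, evaluate and failing are hypothetical, and optional and bracketed controls are not modelled.

```python
# Added example: simplified model of PAM control flags, not pam_ssh code.
STACK = """\
#%PAM-1.0
auth     required   /lib/security/pam_env.so
auth     sufficient /lib/security/pam_ssh.so
auth     sufficient /lib/security/pam_unix.so try_first_pass likeauth nullok
auth     required   /lib/security/pam_deny.so
session  required   /lib/security/pam_limits.so
session  sufficient /lib/security/pam_ssh.so
session  required   /lib/security/pam_unix.so
"""  # auth and session lines copied from the sample configuration


def parse(text, phase):
    """Return [(control, module_name)] for one phase (auth, session, ...)."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments
        if len(fields) >= 3 and fields[0] == phase:
            entries.append((fields[1], fields[2].rsplit("/", 1)[-1]))
    return entries


def evaluate(entries, failing):
    """Walk one stack. `failing` (hypothetical parameter) is the set of
    module names assumed to return an error; pam_deny.so always fails.
    Returns (granted, modules_consulted)."""
    ran, failed, succeeded = [], False, False
    for control, module in entries:
        ok = module != "pam_deny.so" and module not in failing
        ran.append(module)
        if ok:
            # sufficient + success ends the stack unless a required failed
            if control == "sufficient" and not failed:
                return True, ran
            if control in ("required", "requisite"):
                succeeded = True
        elif control == "requisite":
            return False, ran          # fail immediately
        elif control == "required":
            failed = True              # fail, but keep running the stack
        # a failing sufficient module is simply ignored
    return succeeded and not failed, ran


if __name__ == "__main__":
    for phase in ("auth", "session"):
        for failing in (set(), {"pam_ssh.so"}, {"pam_ssh.so", "pam_unix.so"}):
            print(phase, sorted(failing), evaluate(parse(STACK, phase), failing))
```

Under this model, a passphrase that decrypts the key ends the auth stack before pam_unix.so is consulted, and a successful pam_ssh.so session entry likewise ends the session stack before pam_unix.so runs.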

See the Linux-PAM page for more information on PAM.