pam.d/sshd

Nikolay Pavlov quetzal at zone3000.net
Fri Dec 1 11:20:51 PST 2006 

On Thursday, 23 November 2006 at  9:53:26 +0100, Stefan Thurner wrote:
> Hi!
> 
> I would like to activate ssh-agent automatically if I login 
> via ssh.
> 
> My /etc/pam.d/sshd looks like:
> 
> # auth
> auth  required    pam_nologin.so     no_warn
> auth  sufficient  pam_opie.so        no_warn no_fake_prompts
> auth  requisite   pam_opieaccess.so  no_warn allow_local
> auth  required    pam_unix.so        no_warn try_first_pass
> auth  optional    pam_ssh.so         no_warn try_first_pass
> 
> # account
> account  required  pam_login_access.so
> account  required  pam_unix.so
> 
> # session
> session  optional  pam_ssh.so
> session  required  pam_permit.so
> 
> # password
> password  required  pam_unix.so  no_warn try_first_pass
> 
> At ssh login I have to type in login password and password 
> for my ssh-key as expected but no ssh-agent is started. Any 
> ideas?

Hi Stefan.
/etc/pam.d/sshd pam file is for sshd server not for ssh client.
If you want to use ssh-agent whole the time your box is online you
should start it right after login. In order to doing this add 
"session         optional        pam_ssh.so              want_agent"
line into session facility of /etc/pam.d/system file (it's included
into /etc/pam.d/login so don't worry). If you prefer X terminals add 
this string to /etc/pam.d/kdm or gdm or xdm file.

Don't forget to load you privat key with ssh-add command first time you
use ssh.

> 
> best regards
> -Stefan
> -- 
> Chemnitz University of Technology / Welding Engineering
> Stefan Thurner
> Phone / Fax: +49 371 531-32403 / -23729
> Email: stefan.thurner at mb.tu-chemnitz.de
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"

-- 
======================================================================  
- Best regards, Nikolay Pavlov. <<<-----------------------------------    
======================================================================

More information about the freebsd-stable mailing list