sshd: PAM + key authentication

Cédric Jonas cedric at
Sat Mar 3 20:38:47 UTC 2007

Hi all,

I set up a some sshd servers which authenticates their users through a
LDAP DB. To realize this, I used PAM. 
Everything ok until now. 

Then, via PAM (pam_filter) and the host attribute in the LDAP DB, I only
allowed logon on specifical hosts for some users.
After that, I tested this last functionality: I tried to login on a
disallowed host, and it fails - so it works as expected. For this test,
I used password authentication. Later, I tried the same test with key
authentication, and could log in...
After some more investigations, it seems sshd ignores PAM when someone
tries to log in with a key... is there some way to force sshd to
consider PAM in case of key authentication?

Thanks you,

Cédric Jonas                                        cedric at

GPG ID:                                                         30CCFE8D
GPG Key:       
GPG Fingerprint:      CF03 E1FD 9428 1B6B E971  B107 9044 AA99 30CC FE8D

Jabber-ID:                                          cedric at
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url :

More information about the freebsd-questions mailing list