Pam module which authenticates against an ssh server
pam_sshauth.so [debug] [nostrict] [shm_askpass] [authtries=tries] [try_first_pass] [host=host] [port=port]
pam_sshauth is a PAM module that can be used to authenticate a user based on whether they can ssh into an external machine. It is written using sshlib.
The following PAM environment list variables are set by the module: PAM_SSHAUTH_HOST and PAM_SSHAUTH_PORT. Both of these reflect what was passed on the PAM command line to the module.
The module will attempt to initiate an SSH session with the host specified. It will support public-key, simple password, and keyboard-interactive authentication methods. Note that, in order for keyboard-interactive methods to work, the SSH server must have enabled ChallengeResponseAuthentication in it's configuration. This would be needed if you'd like the pam_sshauth module to handle password expiry messages when talking to the SSH server.
Log debug information to syslog. The LOG_AUTH facility is used.
If contacting a host for which we don't have an entry in known_hosts, ask, via the pam prompts, if you'd like to trust this host, and add it to your known_hosts file. The default will be to fail the authentication.
Properly handle interaction with the ASKPASS helper shm_askpass to allow you to spawn ssh sockets.
Specifies the host we're to authenticate with.
Specifies the port we're to contact the remote ssh server on (if not specified, it defaults to 22).
Specifies the number of times we will try to authenticate. Defaults to 3. Note that this is only the number of times pam_sshauth will try. If the SSH server has a smaller number specified via MaxAuthTries, pam_sshauth will not override that.
Use the authentication token previously obtained by another module in the pam stack. If the token cannot be obtained, the pam_sshauth will prompt for a password.
Only the auth module type is provided.
The user authenticated successfully.
The user did not authenticate successfully.
A system error occurred in establishing the ssh connection to the host specified. Check the syslog for details.
For an authentication line:
auth required pam_sshauth.so debug nostrict host=192.168.0.254 port=22
pam_sshauth was written by Scott Balneaves <[email protected]>.