path: root/lib/libpam/modules/pam_ssh/pam_ssh.8
author: des <des@FreeBSD.org> 2003-02-09 21:20:44 +0000
committer: des <des@FreeBSD.org> 2003-02-09 21:20:44 +0000
commit: 3dcafca1321273488ef90644cf31b7fabb25d62e (patch)
tree: f1b3234c10a3d4caf37627f386f99578662de6bb /lib/libpam/modules/pam_ssh/pam_ssh.8
parent: dfbc8a7fc013e99fd5a35d3ed44a49de3bc098f2 (diff)
Complete rewrite of pam_ssh(8). The previous version was becoming hard
to maintain, and had security issues which would have required a major rewrite to address anyway. This implementation currently starts a separate agent for each session instead of connecting each new session to the agent started by the first one. While this would be a Good Thing (and the old pam_ssh(8) tried to do it), it's hard to get right. I'll revisit this issue when I've had a chance to test some modifications to ssh-agent(1).
Diffstat (limited to 'lib/libpam/modules/pam_ssh/pam_ssh.8')
-rw-r--r-- lib/libpam/modules/pam_ssh/pam_ssh.8 50
1 files changed, 23 insertions, 27 deletions
diff --git a/lib/libpam/modules/pam_ssh/pam_ssh.8 b/lib/libpam/modules/pam_ssh/pam_ssh.8
index 1889ffe..9fe1ec4 100644
--- a/lib/libpam/modules/pam_ssh/pam_ssh.8
+++ b/lib/libpam/modules/pam_ssh/pam_ssh.8
@@ -1,6 +1,6 @@
.\" Copyright (c) 2001 Mark R V Murray
.\" All rights reserved.
-.\" Copyright (c) 2001 Networks Associates Technology, Inc.
+.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc.
.\" All rights reserved.
.\"
.\" This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -32,7 +32,6 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.\" $Id: pam_ssh.8,v 1.3 2002/04/09 02:13:44 akorty Exp $
.\" $FreeBSD$
.\"
.Dd November 26, 2001
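Review bot: The `.Dd November 26, 2001` line in this hunk's trailing context is left unchanged, although the rest of the patch changes the documented options, key files and authorship. Bump the document date to the date of this change so readers can tell the page describes the rewritten module and not the previous one.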
@@ -62,7 +61,6 @@ parameter, they are the
and
.Dq Li session
features.
-It also provides null functions for the remaining categories.
.Ss SSH Authentication Module
The
SSH
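Review bot: With "It also provides null functions for the remaining categories." removed, the page no longer says what happens when the module is listed under a category other than the two named just above. If the rewritten module no longer provides those entry points, say so explicitly in this paragraph, so that an administrator who has such an entry in an existing PAM configuration knows it needs to be removed.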
@@ -74,11 +72,6 @@ decrypt the target user's SSH key using that passphrase.
.Pp
The following options may be passed to the authentication module:
.Bl -tag -width ".Cm use_first_pass"
-.It Cm debug
-.Xr syslog 3
-debugging information at
-.Dv LOG_DEBUG
-level.
.It Cm use_first_pass
If the authentication module
is not the first in the stack,
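Review bot: The `debug` entry is dropped from the authentication module's option list without any statement, here or in the commit message, about whether the option is still accepted. Existing configurations may pass `debug` to this module; please document whether it is now ignored, rejected, or still honoured through some other mechanism, since silently losing authentication debug logging makes login failures harder to diagnose.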
@@ -124,33 +117,36 @@ by sending it a
.Dv SIGTERM .
.Pp
The following options may be passed to the session management module:
-.Bl -tag -width ".Cm use_first_pass"
-.It Cm debug
-.Xr syslog 3
-debugging information at
-.Dv LOG_DEBUG
-level.
+.Bl -tag -width ".Cm want_agent"
+.It Cm want_agent
+Start an agent even if no keys were decrypted during the
+authentication phase.
.El
.Sh FILES
-.Bl -tag -width ".Pa $HOME/.ssh2/id_dsa_*" -compact
+.Bl -tag -width ".Pa $HOME/.ssh/identity" -compact
.It Pa $HOME/.ssh/identity
-SSH1/OpenSSH RSA key
+SSH1 RSA key
+.It Pa $HOME/.ssh/id_rsa
+SSH2 RSA key
.It Pa $HOME/.ssh/id_dsa
-OpenSSH DSA key
-.It Pa $HOME/.ssh2/id_rsa_*
-SSH2 RSA keys
-.It Pa $HOME/.ssh2/id_dsa_*
-SSH2 DSA keys
+SSH2 DSA key
.El
.Sh SEE ALSO
.Xr ssh-agent 1 ,
-.Xr syslog 3 ,
.Xr pam.conf 5 ,
.Xr pam 8
.Sh AUTHORS
+The
+.Nm
+module was originally written by
.An -nosplit
-.An "Andrew J. Korty" Aq ajk@iu.edu
-wrote
-.Nm .
-.An "Mark R V Murray"
-wrote this manual page.
+.An "Andrew J. Korty" Aq ajk@iu.edu .
+The current implementation was developed for the
+.Fx
+Project by
+ThinkSec AS and NAI Labs, the Security Research Division of Network
+Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035
+.Pq Dq CBOSS ,
+as part of the DARPA CHATS research program.
+This manual page was written by
+.An "Mark R V Murray" Aq markm@FreeBSD.ORG .
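Review bot: The FILES list drops `$HOME/.ssh2/id_rsa_*` and `$HOME/.ssh2/id_dsa_*` and adds `$HOME/.ssh/id_rsa`, but nothing in the page tells users whose keys live under `$HOME/.ssh2` that those files are no longer listed. A short compatibility note would help. Separately, the new `want_agent` entry only implies the default behaviour ("even if no keys were decrypted"); stating outright that no agent is started by default when no key was decrypted would make the option easier to evaluate, and the commit message's point that each session gets its own agent is behaviour the session section should also describe.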