author | des <des@FreeBSD.org> | 2003-02-09 21:20:44 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2003-02-09 21:20:44 +0000 |
commit | 3dcafca1321273488ef90644cf31b7fabb25d62e (patch) | |
tree | f1b3234c10a3d4caf37627f386f99578662de6bb /lib/libpam/modules/pam_ssh/pam_ssh.8 | |
parent | dfbc8a7fc013e99fd5a35d3ed44a49de3bc098f2 (diff) | |
Complete rewrite of pam_ssh(8). The previous version was becoming hard
to maintain, and had security issues which would have required a major
rewrite to address anyway.

This implementation currently starts a separate agent for each session
instead of connecting each new session to the agent started by the first
one. While this would be a Good Thing (and the old pam_ssh(8) tried to
do it), it's hard to get right. I'll revisit this issue when I've had a
chance to test some modifications to ssh-agent(1).
Diffstat (limited to 'lib/libpam/modules/pam_ssh/pam_ssh.8')
-rw-r--r-- | lib/libpam/modules/pam_ssh/pam_ssh.8 | 50 |
1 files changed, 23 insertions, 27 deletions
diff --git a/lib/libpam/modules/pam_ssh/pam_ssh.8 b/lib/libpam/modules/pam_ssh/pam_ssh.8 index 1889ffe..9fe1ec4 100644 --- a/lib/libpam/modules/pam_ssh/pam_ssh.8 +++ b/lib/libpam/modules/pam_ssh/pam_ssh.8 @@ -1,6 +1,6 @@ .\" Copyright (c) 2001 Mark R V Murray .\" All rights reserved. -.\" Copyright (c) 2001 Networks Associates Technology, Inc. +.\" Copyright (c) 2001-2003 Networks Associates Technology, Inc. .\" All rights reserved. .\" .\" This software was developed for the FreeBSD Project by ThinkSec AS and @@ -32,7 +32,6 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.\" $Id: pam_ssh.8,v 1.3 2002/04/09 02:13:44 akorty Exp $ .\" $FreeBSD$ .\" .Dd November 26, 2001 @@ -62,7 +61,6 @@ parameter, they are the and .Dq Li session features. -It also provides null functions for the remaining categories. .Ss SSH Authentication Module The SSH @@ -74,11 +72,6 @@ decrypt the target user's SSH key using that passphrase. .Pp The following options may be passed to the authentication module: .Bl -tag -width ".Cm use_first_pass" -.It Cm debug -.Xr syslog 3 -debugging information at -.Dv LOG_DEBUG -level. .It Cm use_first_pass If the authentication module is not the first in the stack, 
@@ -124,33 +117,36 @@ by sending it a .Dv SIGTERM . .Pp The following options may be passed to the session management module: -.Bl -tag -width ".Cm use_first_pass" -.It Cm debug -.Xr syslog 3 -debugging information at -.Dv LOG_DEBUG -level. +.Bl -tag -width ".Cm want_agent" +.It Cm want_agent +Start an agent even if no keys were decrypted during the +authentication phase. .El .Sh FILES -.Bl -tag -width ".Pa $HOME/.ssh2/id_dsa_*" -compact +.Bl -tag -width ".Pa $HOME/.ssh/identity" -compact .It Pa $HOME/.ssh/identity -SSH1/OpenSSH RSA key +SSH1 RSA key +.It Pa $HOME/.ssh/id_rsa +SSH2 RSA key .It Pa $HOME/.ssh/id_dsa -OpenSSH DSA key -.It Pa $HOME/.ssh2/id_rsa_* -SSH2 RSA keys -.It Pa $HOME/.ssh2/id_dsa_* -SSH2 DSA keys +SSH2 DSA key .El .Sh SEE ALSO .Xr ssh-agent 1 , -.Xr syslog 3 , .Xr pam.conf 5 , .Xr pam 8 .Sh AUTHORS +The +.Nm +module was originally written by .An -nosplit -.An "Andrew J. Korty" Aq ajk@iu.edu -wrote -.Nm . -.An "Mark R V Murray" -wrote this manual page. +.An "Andrew J. Korty" Aq ajk@iu.edu . +The current implementation was developed for the +.Fx +Project by +ThinkSec AS and NAI Labs, the Security Research Division of Network +Associates, Inc. under DARPA/SPAWAR contract N66001-01-C-8035 +.Pq Dq CBOSS , +as part of the DARPA CHATS research program. +This manual page was written by +.An "Mark R V Murray" Aq markm@FreeBSD.ORG . |
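Review bot: The `.Dd November 26, 2001` line in the `@@ -32,7 +32,6 @@` hunk stays as unchanged context even though this patch changes the documented options, the FILES list and the AUTHORS section. Bump the document date to the date of this change so a reader can tell the page describes the rewritten module and not the 2001 one.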
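Review bot: Dropping `.It Cm debug` from the authentication option list in the `@@ -74,11 +72,6 @@` hunk (and again from the session list further down, together with `.Xr syslog 3`) leaves the page silent on what happens to existing pam.conf entries that still pass `debug`. Neither the page nor the commit message says whether the option is still accepted, ignored, or now an error; one sentence stating which would keep administrators from discovering it at login time on an authentication module.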
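Review bot: The new `.It Cm want_agent` entry in the `@@ -124,33 +117,36 @@` hunk describes only the opt-in case and never states the default, so the reader has to infer that no agent is started when no key was decrypted; say that explicitly next to the option. The same hunk removes `$HOME/.ssh2/id_rsa_*` and `$HOME/.ssh2/id_dsa_*` from FILES without any mention in the commit message; if those keys are no longer tried, a compatibility sentence would help users whose only keys live there. The commit message also says each session now gets its own agent, which is user-visible and worth a line in the session section if the unchanged text does not already cover it.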