ssh3 icon indicating copy to clipboard operation
ssh3 copied to clipboard
verified publisher icon francoismichel

ssh3 and PAM

Open vaminakov opened this issue 2 years ago • 2 comments

For now ssh3 doesnt using pam modules. If you login with password (using the special parameter), server will authorize you even if it have pam modules with 2-factor authentication. I understand that the main purpose is authorization using keys or oidc. Are there any plans to add support for pam modules?

vaminakov avatar Dec 18 '23 13:12 vaminakov

There is! It is just a matter of time and finding how to do it in a clean manner. I would like to do it in pure Go without CGO. I really want to carve out CGO from the codebase. Help and thoughts will be very much appreciated on this.

francoismichel avatar Dec 18 '23 14:12 francoismichel

I'm not sure a native go implementation will exist, without us writing it from scratch. Teleport has this for integration with pam https://github.com/gravitational/teleport/tree/master/lib/pam. We could leverage it. The build parameters are a good idea too, to avoid cgo.

drewwells avatar Dec 21 '23 19:12 drewwells