envoy icon indicating copy to clipboard operation
envoy copied to clipboard

Published 20 hours ago verified publisher icon vodik

unlocking ssh-agent keys via pam

Open vovan69 opened this issue 10 years ago • 3 comments

As I understood it's possible to unlock ssh-keys automatically using pam auth with pam_envoy. However this useful feature doesn't work (at least) for me. I'd appreciate any ideas regarding debugging this issue.

envoy v8-12-g8a2881f

vovan69 avatar Jun 04 '14 05:06 vovan69

Are you using gpg-agent or ssh-agent?

vodik avatar Jun 06 '14 18:06 vodik

I'm using only ssh-agent:

  • systemd: @[email protected]
  • pam: auth optional /usr/lib/security/pam_envoy.so
  • pam: session optional /usr/lib/security/pam_envoy.so ssh-agent

vovan69 avatar Jun 07 '14 04:06 vovan69

Yeah that's not implemented and I don't know if I ever will unless someone write the code for me :wink:. Its only implemented for gpg-agent because I use gpg-agent and was relatively straightforward.

It might be possible to take the existing pam_ssh.so and tack on envoy to use to fetch the agent's socket.

vodik avatar Jun 08 '14 23:06 vodik