pam-ssh-agent
The goal of this project is to provide a PAM authentication module that determines the identity of a user from a signature request and response exchanged over the ssh-agent protocol with a potentially remote ssh-agent.
One scenario this module can be used in is granting escalated privileges with sudo on a remote system that was reached over ssh with agent forwarding enabled. The user proves their identity by signing a challenge with their private key, and the signature is verified against a public key made available to the pam-ssh-agent module on the server; only the challenge and the signature cross the forwarded agent connection, the private key itself never does. Combined with a setup where the private part of the authentication keypair is stored in dedicated hardware such as a YubiKey, a TPM chip, or the macOS Secure Enclave, this can provide a high level of security as well as convenience: a forwarded agent can be driven by any process on the remote host that can reach its socket, so a key that requires a physical touch per signature is a good fit here. I use the Secretive app on macOS for this purpose.
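The exchange described above, written out as an added example in Go. This is not pam-ssh-agent's own code (the project is written in Rust) and it does not show what the module actually puts in its challenge; it assumes an Ed25519 key, a 32-byte random nonce as the challenge, and an in-memory stand-in for the agent. The message layouts (SSH_AGENTC_SIGN_REQUEST, SSH_AGENT_SIGN_RESPONSE, SSH_AGENT_FAILURE, the key and signature blobs) follow the ssh-agent protocol draft; the uint32 length framing used on the socket is left out, and the names `signRequest`, `agentKeys`, `verifySignResponse` and `authenticate` are the example's own.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"fmt"
)

// ssh-agent protocol message numbers (draft-miller-ssh-agent); socket framing is omitted.
const sshAgentFailure, sshAgentcSignRequest, sshAgentSignResponse = 5, 13, 14
const keyType = "ssh-ed25519"

// putString appends an SSH "string": uint32 big-endian length, then the bytes.
func putString(b *bytes.Buffer, s []byte) {
	binary.Write(b, binary.BigEndian, uint32(len(s)))
	b.Write(s)
}

// readStrings parses n consecutive SSH "strings"; false if a length runs past the buffer end.
func readStrings(buf []byte, n int) ([][]byte, bool) {
	out := make([][]byte, n)
	for i := range out {
		if len(buf) < 4 || uint64(binary.BigEndian.Uint32(buf)) > uint64(len(buf)-4) {
			return out, false // entries stay nil, so callers can test ok after indexing
		}
		l := 4 + binary.BigEndian.Uint32(buf)
		out[i], buf = buf[4:l], buf[l:]
	}
	return out, true
}

// keyBlob is the public key blob an agent identifies a key by: string "ssh-ed25519", string key.
func keyBlob(pub ed25519.PublicKey) []byte {
	var b bytes.Buffer
	putString(&b, []byte(keyType))
	putString(&b, pub)
	return b.Bytes()
}

// signRequest builds SSH_AGENTC_SIGN_REQUEST: byte 13, string key_blob, string data, uint32 flags.
func signRequest(blob, data []byte) []byte {
	var b bytes.Buffer
	b.WriteByte(sshAgentcSignRequest)
	putString(&b, blob)
	putString(&b, data)
	binary.Write(&b, binary.BigEndian, uint32(0)) // flags: only RSA SHA-2 variants set any
	return b.Bytes()
}

// agentKeys stands in for the (possibly forwarded) ssh-agent: private keys indexed by
// public key blob, which leave the agent only as signatures, never as keys.
type agentKeys map[string]ed25519.PrivateKey

// handle answers one sign request with SSH_AGENT_SIGN_RESPONSE or SSH_AGENT_FAILURE.
func (a agentKeys) handle(req []byte) []byte {
	if len(req) == 0 || req[0] != sshAgentcSignRequest {
		return []byte{sshAgentFailure}
	}
	f, ok := readStrings(req[1:], 2) // key_blob, data
	priv, loaded := a[string(f[0])]
	if !ok || !loaded {
		return []byte{sshAgentFailure} // malformed request, or key not in this agent
	}
	var sig, resp bytes.Buffer
	putString(&sig, []byte(keyType)) // signature blob: string alg, string signature
	putString(&sig, ed25519.Sign(priv, f[1]))
	resp.WriteByte(sshAgentSignResponse)
	putString(&resp, sig.Bytes())
	return resp.Bytes()
}

// verifySignResponse is the module side: parse the response, verify the signature over the
// challenge with the key the server trusts for this user; anything malformed is a deny.
func verifySignResponse(trusted ed25519.PublicKey, challenge, resp []byte) bool {
	if len(resp) == 0 || resp[0] != sshAgentSignResponse {
		return false // SSH_AGENT_FAILURE, or anything unexpected
	}
	blob, ok := readStrings(resp[1:], 1)
	sig, ok2 := readStrings(blob[0], 2) // alg, signature
	if !ok || !ok2 || string(sig[0]) != keyType || len(sig[1]) != ed25519.SignatureSize {
		return false
	}
	return ed25519.Verify(trusted, challenge, sig[1])
}

// authenticate runs the exchange: fresh random challenge, sign request to the agent, then
// verification with the trusted key. Only challenge and signature cross the connection.
func authenticate(agent func([]byte) []byte, trusted ed25519.PublicKey) bool {
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return false
	}
	return verifySignResponse(trusted, challenge, agent(signRequest(keyBlob(trusted), challenge)))
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // constructed key pair for the demo
	fmt.Println("agent holding the key:", authenticate(agentKeys{string(keyBlob(pub)): priv}.handle, pub))
	fmt.Println("agent without the key:", authenticate(agentKeys{}.handle, pub))
}
```

Two details carry the security argument. The challenge is generated fresh by the verifier for every attempt, so a signature captured from an earlier exchange does not verify against a new one; and every length field in the agent's reply is checked against the bytes actually present before it is used, so a forwarded agent that is hostile or broken can only produce a denial, never a crash in a process running inside sudo.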
This project is a re-implementation of the pam_ssh_agent_auth module but shares no code with it. It is close to covering all the features of the original implementation, and adds some of its own, such as authentication with SSH certificates.