Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 1 Dec 2006 21:20:07 +0200
From:      Nikolay Pavlov <quetzal@zone3000.net>
To:        Stefan Thurner <stefan.thurner@mb.tu-chemnitz.de>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: pam.d/sshd
Message-ID:  <20061201192007.GA57365@zone3000.net>
In-Reply-To: <Pine.LNX.4.64.0611230934390.18434@herkules.hrz.tu-chemnitz.de>
References:  <Pine.LNX.4.64.0611230934390.18434@herkules.hrz.tu-chemnitz.de>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Thursday, 23 November 2006 at  9:53:26 +0100, Stefan Thurner wrote:
> Hi!
> 
> I would like to activate ssh-agent automatically if I login 
> via ssh.
> 
> My /etc/pam.d/sshd looks like:
> 
> # auth
> auth  required    pam_nologin.so     no_warn
> auth  sufficient  pam_opie.so        no_warn no_fake_prompts
> auth  requisite   pam_opieaccess.so  no_warn allow_local
> auth  required    pam_unix.so        no_warn try_first_pass
> auth  optional    pam_ssh.so         no_warn try_first_pass
> 
> # account
> account  required  pam_login_access.so
> account  required  pam_unix.so
> 
> # session
> session  optional  pam_ssh.so
> session  required  pam_permit.so
> 
> # password
> password  required  pam_unix.so  no_warn try_first_pass
> 
> At ssh login I have to type in login password and password 
> for my ssh-key as expected but no ssh-agent is started. Any 
> ideas?

Hi Stefan.
/etc/pam.d/sshd pam file is for sshd server not for ssh client.
If you want to use ssh-agent whole the time your box is online you
should start it right after login. In order to doing this add 
"session         optional        pam_ssh.so              want_agent"
line into session facility of /etc/pam.d/system file (it's included
into /etc/pam.d/login so don't worry). If you prefer X terminals add 
this string to /etc/pam.d/kdm or gdm or xdm file.

Don't forget to load you privat key with ssh-add command first time you
use ssh.

> 
> best regards
> -Stefan
> -- 
> Chemnitz University of Technology / Welding Engineering
> Stefan Thurner
> Phone / Fax: +49 371 531-32403 / -23729
> Email: stefan.thurner@mb.tu-chemnitz.de
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"

-- 
======================================================================  
- Best regards, Nikolay Pavlov. <<<-----------------------------------    
======================================================================

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061201192007.GA57365>