systemd-user-pam-ssh

Script used to decrypt a SSH key into a systemd --user managed ssh agnet

You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Go to file

Evan Purkhiser c5f5f6bae3 Directly link to the PKGBUILD		12 years ago
LICENSE	Add LICENSE and README files	12 years ago
README.md	Directly link to the PKGBUILD	12 years ago
systemd-user-pam-ssh	Inital commit of script	12 years ago

Systemd User SSH PAM

This script has a rather specific use case. If you fit the following demographic then this script might just be for you!

You use systemd as a user session manager (either this, or this
You have a systemd --user service called ssh-agent.service that starts your ssh agent.
You hav to type your password a second time after logging in in order to decrypt your SSH key.

This script lets you only type your password one, both logging you in and decrypting your ssh key and adding it to your agent.

There are a few pre-requisits to this script:

Your systemd --user session needs to be started during login time. This wont be a problem if you use one of the user-session services mentioned above.
Your systemd --user instance needs to know about the SSH_AUTH_SOCK. If you're using my systemd-user-sessions package mentioned abouve then you will want to add this to your ~/.config/bash/environment file as something like SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/ssh-agent

To enable the script you will want to add this to your pam configuration (probably /etc/pam.d/system-login or /etc/pam.d/login

auth  optional  pam_exec.so  expose_authtok /path/to/the/systemd-user-pam-ssh

I would recomend placing the script under /usr/lib/systemd/. If you are using Arch Linux you can use the PKGBUILD located here