g7s
/
systemd-user-pam-ssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Script used to decrypt a SSH key into a systemd --user managed ssh agnet
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
40 KiB
Shell 100%
 
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd3312b5b06'
${ noResults }
Go to file
Evan Purkhiser d3312b5b06 Always exit zero no matter what 
This will ensure we don't error out when a ssh-add fails due to a bad
passphrase
 		12 years ago
LICENSE Add LICENSE and README files 12 years ago
README.md Add another demographic for using this script 12 years ago
systemd-user-pam-ssh Always exit zero no matter what 12 years ago

README.md

Systemd User PAM SSH script

This script has a rather specific use case. If you fit the following demographic then this script might just be for you!

  • You use systemd as a user session manager (either this, or this)
  • You're systemd --user instance default target doesn't start a graphical environment, i.e. you still need to login to activate your graphical session
  • You have a systemd --user service called ssh-agent.service that starts your ssh agent.
  • You have to type your password a second time after logging in in order to decrypt your SSH key.

This script allows you to only type your password once. When logging in, your SSH key will be decrypted and added to your ssh-agent for you.

Usage

There are a few pre-requisites to this script:

  1. Your systemd --user session needs to be running during login time. This won't be a problem if you use one of the user-session services mentioned above.
  2. Your systemd --user instance needs to know about the SSH_AUTH_SOCK. If you're using my systemd-user-sessions package mentioned above then you will want to add this to your ~/.config/bash/environment file as something like SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/ssh-agent.

To enable the script you will want to add this to your pam configuration (probably /etc/pam.d/system-login or /etc/pam.d/login

auth  optional  pam_exec.so  expose_authtok /path/to/the/systemd-user-pam-ssh

Installation

I would recommend placing the script under /usr/lib/systemd/. If you are using Arch Linux you can use the PKGBUILD located here.