I want to use pam_ssh with gdm to "streamline" my login. From reading
the pam_ssh man page, it claims that the session module starts ssh-agent
and passes any authenticated keys. Keys get authenticated during the
"auth" phase.

I currently have the following lines in /etc/pam.conf:

    # GDM (GNOME Display Manager)
    gdm auth required pam_unix.so
    gdm auth optional pam_ssh.so debug
    gdm account required pam_unix.so try_first_pass
    gdm session required pam_ssh.so debug
    gdm password required pam_deny.so

During login, I get prompted for my UNIX password and for my SSH
passphrase. I enter both, and the authentication *always* fails on the
first try, logging the following to syslog:

    Oct 13 07:24:30 zircon gdm[186]: Couldn't open session for joek

Then, gdm resets and I reenter the password and passphrase. The second
time, I get in. Apparently, now ssh-agent has started, but pam_ssh did
not pass along any authentication information, so I have to call ssh-add
by hand to actually enter the key information. This means that every
time I log in, I have to type my password twice and my passphrase three
times.
Notice that I set the "debug" flag to pam_ssh. However, I cannot find
any trace of debug information in any syslog. I have even turned on
/var/log/all.log (*.*) and I still get absolutely no information from pam.
What do I need to do to make pam_ssh actually do what the manual page
says it does? I want it to set up my keys with the ssh-agent it starts
on the first try without this seemingly needless "first try failure".
I hope that someone has some information to help me out. Does anyone
actually *use* pam_ssh?
/Joe
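
An added example, not part of the original post: a small parser for the pam.conf lines quoted above that reports how pam_ssh is wired into the auth and session phases. The function names and the check are hypothetical; it reports control-flag wiring only, using standard PAM semantics for `required` and `optional`.

```python
from collections import defaultdict

# The pam.conf lines quoted in the post above.
PAM_CONF = """\
# GDM (GNOME Display Manager)
gdm auth required pam_unix.so
gdm auth optional pam_ssh.so debug
gdm account required pam_unix.so try_first_pass
gdm session required pam_ssh.so debug
gdm password required pam_deny.so
"""

def parse_pam_conf(text):
    """Parse 'service type control module [args...]' lines, keeping file order.

    Handles only keyword control flags (required, optional, ...), which is
    all the post uses; the bracketed [value=action] form is not supported.
    """
    stacks = defaultdict(lambda: defaultdict(list))
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # '#' starts a comment
        if not line:
            continue
        fields = line.split()
        if len(fields) < 4:
            raise ValueError(f"malformed pam.conf line: {raw!r}")
        service, mtype, control, module, *args = fields
        stacks[service][mtype].append((control, module, args))
    return stacks

def audit_pam_ssh(stacks, service):
    """Hypothetical check: how is pam_ssh wired into auth versus session?"""
    auth = [e for e in stacks[service]["auth"] if e[1] == "pam_ssh.so"]
    sess = [e for e in stacks[service]["session"] if e[1] == "pam_ssh.so"]
    findings = []
    if sess and not auth:
        findings.append("session runs pam_ssh but the auth stack never does")
    if (any(c == "optional" for c, _, _ in auth)
            and any(c == "required" for c, _, _ in sess)):
        findings.append("pam_ssh is optional in auth but required in session: "
                        "an optional failure does not fail the auth stack, "
                        "a required failure fails the session stack")
    return findings

if __name__ == "__main__":
    for finding in audit_pam_ssh(parse_pam_conf(PAM_CONF), "gdm"):
        print("gdm:", finding)
```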