Author: A. J. Trickett via Hampshire Date: To: Hants LUG CC: A. J. Trickett Subject: [Hampshire] PAM SSH oddness...!
Not sure who else does this, but it's driven me nuts...!
On my systems with a GUI I have them configured with PAM-SSH, so
you login with a SSH pass-phrase, which is automatically attaches
keys to an SSH agent for you. This is great as you don't have to
do it yourself after you have logged in...!
However if I SSH from one system to another, with forwarded keys
then there are no keys on my agent in the other system..! After I
bit of fiddling I've discovered that by default when you SSH with
UsePAM on in the SSHD config file, you get two SSH agents created
on the remote system. One because you've logged in so PAM adds it
for you, and one because you forwarded a key. The problem is that
it you can only have one in your login shell, and it appears to be
the wrong (empty) one...
I've therefore turned UsePAM off on my SSHD logins... So now I
only get the one agent - which actually has my forwarded keys...!
I don't know how to stop the PAM-SSH module from starting an
unwanted SSH-agent, and creating them only from local login, and as
PAM-SSH isn't that common I've not found much by searching yet.
Don't know if many people use PAM-SSH, but putting it out there!
Saint-Malo, Bretagne, FRANCE
Glory is fleeting, but obscurity is forever.
-- Napoleon Bonaparte