LinuxQuestions.org - How pam authentication works with ssh keys ?

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - How pam authentication works with ssh keys ? (https://www.linuxquestions.org/questions/linux-security-4/how-pam-authentication-works-with-ssh-keys-4175656774/)

paraggupta1989

07-03-2019 12:31 AM

How pam authentication works with ssh keys ?

does pam auth module get called while using key for ssh login ?

below is my sshd config setting ::

# Enable public key authentication
PubkeyAuthentication yes

# Never use host-based authentication. It can be exploited.
IgnoreRhosts yes
IgnoreUserKnownHosts yes
HostbasedAuthentication no

# Enable PAM to enforce system wide rules
UsePAM yes

berndbausch

07-03-2019 07:18 AM

Judging from https://bugzilla.redhat.com/show_bug.cgi?id=1492313, sshd only uses PAM authentication with password-based login.

Quote:

The auth section of PAM stack is executed only for the password (or keyboard-interactive too?) authentication. For others, the auth section is skipped. Even though it might be confusing at first, this is how it always was and the only way how it makes sense, since for example in public key authentication, you do not have any authentication tokens that could PAM accept in pam_authenticate(). Therefore SSH calls just account and session sections.

paraggupta1989

07-03-2019 11:36 PM

Thanks this was helpful .

Turbocapitalist

07-03-2019 11:58 PM

Also, look at the AuthenticationMethods configuration directive in the manuage page for sshd_config. You can use it to require multiple authentication methods in a particular sequence. So if you want PAM after getting a valid key-based authentication then that's doable.

All times are GMT -5. The time now is 03:02 PM.