search

francoismichel / ssh3

SSH3: faster and rich secure shell using HTTP/3, checkout our article here: https://arxiv.org/abs/2312.08396 and our Internet-Draft: https://datatracker.ietf.org/doc/draft-michel-ssh3/
https://arxiv.org/abs/2312.08396
Apache License 2.0
3.18k stars 81 forks source link

ssh3 and PAM #70

Open vaminakov opened 6 months ago

vaminakov commented 6 months ago

For now ssh3 doesnt using pam modules. If you login with password (using the special parameter), server will authorize you even if it have pam modules with 2-factor authentication. I understand that the main purpose is authorization using keys or oidc. Are there any plans to add support for pam modules?

francoismichel commented 6 months ago

There is! It is just a matter of time and finding how to do it in a clean manner. I would like to do it in pure Go without CGO. I really want to carve out CGO from the codebase. Help and thoughts will be very much appreciated on this.

drewwells commented 6 months ago

I'm not sure a native go implementation will exist, without us writing it from scratch. Teleport has this for integration with pam https://github.com/gravitational/teleport/tree/master/lib/pam. We could leverage it. The build parameters are a good idea too, to avoid cgo.