search

jbeverly / pam_ssh_agent_auth

Moving pam_ssh_agent_auth to github as primary development location
Other
98 stars 27 forks source link

Support certs / CA auth. #31

Open YellowOnion opened 3 years ago

YellowOnion commented 3 years ago

It would be nice to support "User CA's".

https://man.openbsd.org/ssh-keygen#CERTIFICATES

There's already pam_ussh but it's more dependencies than integrating it with this project.

programmerq commented 2 years ago

I just tried this and found it didn't work. Adding the error message in case it helps someone find it:

Jun 01 15:28:34 brain sudo[1955519]: pam_ssh_agent_auth: error: key_from_blob: remaining bytes in key blob 1294
Jun 01 15:28:34 brain sudo[1955519]: pam_ssh_agent_auth: Failed Authentication: `jeff' as `jeff' using /home/jeff/.ssh/authorized_keys

My keys that are not certs work with my config.