Federico Taschin

Reputation: 2195

SSHD skips PAM auth

I developed a PAM module for authentication and I want SSH to use it. I put it on the top of the /etc/pam.d/sshd stack, but it is not called. I know for sure that the module works because I integrated it in the login.

How do I have to set the /etc/ssh/sshd_config in order to use it?

Edit: UsePAM is already set to yes; I also tried all the possible combinations of yes and no values for ChallengeResponseAuthentication and PasswordAuthentication.

Upvotes: 1

Views: 556

Answers (1)

Federico Taschin

Reputation: 2195

That was my mistake: the module was actually called, but it was trying to read a line from the console. While this works in login, it can't in SSH. The correct way to do that is to use

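#include <security/pam_modules.h>

/* Inside the module's authentication function; pamh is the handle PAM passes in. */
const char *username = NULL;
const char *password = NULL;

/* Read the items from the PAM handle instead of prompting on a console.
   Either pointer can still be NULL afterwards, so check before use. */
pam_get_item(pamh, PAM_USER, (const void **)&username);
pam_get_item(pamh, PAM_AUTHTOK, (const void **)&password);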

This will set username and password with the values retrieved by SSH. In order to get the password, set PasswordAuthentication to yes in /etc/ssh/sshd_config and in /etc/pam.d/sshd replace @include common-auth with auth required your-module

Upvotes: 1
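An offline check for the configuration the answer describes, as an added example that is not part of the original post: it reads an sshd_config and a PAM service file and reports whether UsePAM and PasswordAuthentication are effectively yes and whether the module is the first auth entry. The module name pam_example.so, the function names and the sample files are constructed placeholders; Include files and Match blocks in sshd_config are not evaluated.

```shell
#!/bin/sh
# Added example, not from the original post. pam_example.so and the sample
# files are constructed placeholders. Include files and Match blocks in
# sshd_config are not evaluated.

# Effective value of an sshd_config keyword: the first occurrence wins and
# keywords are case-insensitive.
sshd_opt() {  # $1=file $2=keyword $3=default when unset
    awk -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == tolower(k) { v = tolower($2); exit }
        END { print (v == "" ? d : v) }' "$1"
}

# 1-based position of the module among auth entries (0 = absent).
# An "@include common-auth" line counts as one entry.
pam_auth_position() {  # $1=pam service file $2=module file name
    awk -v m="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        $1 == "@include" && $2 == "common-auth" { pos++; next }
        $1 == "auth" || $1 == "-auth" {
            pos++
            for (i = 3; i <= NF; i++) {
                c = split($i, part, "/")
                if (part[c] == m) { hit = pos; exit }
            }
        }
        END { print hit + 0 }' "$1"
}

check_sshd_pam() {  # $1=sshd_config $2=pam service file $3=module
    rc=0
    [ "$(sshd_opt "$1" UsePAM no)" = yes ] ||
        { echo "UsePAM is not yes: sshd does not use PAM"; rc=1; }
    [ "$(sshd_opt "$1" PasswordAuthentication yes)" = yes ] ||
        { echo "PasswordAuthentication is not yes"; rc=1; }
    pos=$(pam_auth_position "$2" "$3")
    [ "$pos" -eq 1 ] || { echo "$3 at auth position $pos, expected 1"; rc=1; }
    return "$rc"
}

# Constructed sample files.
d=$(mktemp -d)
printf 'UsePAM yes\npasswordauthentication yes\nPasswordAuthentication no\n' > "$d/sshd_config"
printf '# PAM for sshd\nauth required pam_example.so\n@include common-account\n' > "$d/pam_good"
printf '@include common-auth\nauth required /lib/security/pam_example.so\n' > "$d/pam_late"
check_sshd_pam "$d/sshd_config" "$d/pam_good" pam_example.so && echo "ok"
```

On a live host, `sshd -T` prints the effective sshd settings, including Include and Match handling that this file-only check leaves out.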
