PAM authentication with gpg or ssh key

NIIBE Yutaka gniibe at
Wed Sep 30 02:17:10 CEST 2015


Yesterday, I included my answer to your question in a different
thread.  I should have replied to this post.

I think that your question is relevant to the GnuPG community.

On 09/29/2015 02:06 AM, Schlacta, Christ wrote:
> Therefore, I'm looking for a way to have PAM query the ssh-agent
> remotely, or optionally locally in rare instances if possible, for
> authentication.

My answer was:
For authentication of sudo on a remote machine, I think that we can use
pam_ssh_agent [0] together with GnuPG, if we can configure it correctly.
I don't have any experience, though.  It would be good if we can also
do a similar thing directly by gpg-agent remote access.

[0] pam_ssh_agent:

I think that it's good if a user can consolidate his private key
management under GnuPG (possibly with OpenPGPcard compatible).
Besides, it would be good if OpenPGPcard can have more authentication
keys (for different purposes), too.

Perhaps, if there is some demand, I should write a U2F module using
gpg-agent (and revive Scute, accordingly).  I believe that this is the
way to go, for those users who want to consolidate things cleanly.
