Re: git: d8560936e35c - main - security/pam_rssh: New port

In reply to: Romain Tarti�re : "Re: git: d8560936e35c - main - security/pam_rssh: New port"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Matthew Seaman <matthew_at_FreeBSD.org>
Date: Wed, 22 Mar 2023 07:54:22 UTC

On 22/03/2023 01:56, Romain Tartière wrote:
> Almost :-D  pam_ssh_agent_auth does not support the "new" OpenSSH -sk
> keys [1] (keys that are hardware backed [2]).  There was some effort to
> integrate his PAM module into openssh [3] but it has been abandoned.

Now, this is something that isn't clear to anyone trying to choose 
between the two implementations.  Or, at least, I didn't pick up that it 
was the significant difference.

I think that's definitely worth a comment in the pam_ssh_agent_auth port 
somewhere.

	Cheers,

	Matthew