Porting pam_ssh to Solaris

As part of a contract, I ported pam_ssh to Solaris 9 and 10 (x86 and SPARC). I’ve submitted the code back upstream, but pending the patch submission process, I’ve uploaded the code here in case anybody desperately needs to make this work in the interim.

What's pam_ssh?

This PAM module provides single sign-on behavior for SSH. The user types an SSH passphrase when logging in (probably to GDM, KDM, or XDM) and is authenticated if the passphrase successfully decrypts the user's SSH private key. In the PAM session phase, an ssh-agent process is started and keys are added. For the entire session, the user can SSH to other hosts that accept key authentication without typing any passwords.
    - From: http://developer.novell.com/wiki/index.php/Pam_ssh

The official site for pam_ssh is http://pam-ssh.sourceforge.net/. pam_ssh is licensed under a variety of OSS licenses; please see the included file COPYING for details.

Get pam_ssh for Solaris:

Note: The patch was created via hg diff and as a result will not apply with Solaris 10’s default patch application. You will need to use a more modern patch program or grab the tarball.

Install Process / HOWTO (based on Solaris 10)

  1. Install automake, autoconf and libtool (I use the CSW versions via pkg-get).
  2. Add these tools and gcc to your path. I used export PATH="/usr/sfw/bin:/opt/csw/bin:$PATH"
  3. Run: export MAKE=gmake
  4. Run: ./bootstrap.sh && ./configure && make && make install
  5. Edit /etc/pam.conf, for example, by adding the lines in bold:

    
    login   auth requisite          pam_authtok_get.so.1
    login   auth sufficient         pam_ssh.so try_first_pass
    login   auth required           pam_dhkeys.so.1
    login   auth required           pam_unix_cred.so.1
    login   auth sufficient         pam_unix_auth.so.1
    login   auth required           pam_dial_auth.so.1
    

    ...

    
    other   auth requisite          pam_authtok_get.so.1
    other   auth sufficient         pam_ssh.so try_first_pass
    other   auth required           pam_dhkeys.so.1
    other   auth required           pam_unix_cred.so.1
    other   auth sufficient         pam_unix_auth.so.1
    

  6. You should now be right to log in with an SSH key passphrase and have the ssh-agent start running.
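
A sanity check for the pam.conf edit in step 5, as an added example that is not part of the original post or of pam_ssh. It confirms that pam_ssh.so sits after pam_authtok_get.so.1, which collects the password that try_first_pass reuses as the key passphrase. The function name check_pam_ssh, the AWK override variable and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post.
# pam.conf fields: service  module-type  control-flag  module-path  [options]

# check_pam_ssh FILE SERVICE
# Returns 0 only when SERVICE's auth stack has pam_ssh.so marked "sufficient",
# with try_first_pass, placed after pam_authtok_get.so.1 (the module that
# collects the password pam_ssh then tries as the key passphrase).
check_pam_ssh() {
    "${AWK:-awk}" -v svc="$2" '
        /^[ \t]*#/ || NF < 4      { next }   # comments, blank or short lines
        $1 != svc || $2 != "auth" { next }   # other services / module types
        { pos++ }
        $4 ~ /pam_authtok_get\.so/ { get = pos }
        $4 ~ /pam_ssh\.so/ {
            ssh = pos; flag = $3; tfp = 0
            for (i = 5; i <= NF; i++) if ($i == "try_first_pass") tfp = 1
        }
        END {
            if (!ssh)                 { print svc ": pam_ssh.so not in auth stack"; exit 1 }
            if (flag != "sufficient") { print svc ": pam_ssh.so is " flag ", expected sufficient"; exit 2 }
            if (!tfp)                 { print svc ": try_first_pass missing"; exit 3 }
            if (!get || get > ssh)    { print svc ": pam_authtok_get must come before pam_ssh"; exit 4 }
            print svc ": ok"
        }' "$1"
}

# Constructed sample: the login stack from the HOWTO, plus an "other" stack
# where pam_ssh.so was (wrongly) placed first.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed test input, not a real /etc/pam.conf
login   auth requisite          pam_authtok_get.so.1
login   auth sufficient         pam_ssh.so try_first_pass
login   auth required           pam_dhkeys.so.1
login   auth required           pam_unix_cred.so.1
login   auth sufficient         pam_unix_auth.so.1
login   auth required           pam_dial_auth.so.1
other   auth sufficient         pam_ssh.so try_first_pass
other   auth requisite          pam_authtok_get.so.1
EOF

check_pam_ssh "$sample" login || true    # passes
check_pam_ssh "$sample" other || true    # reports the ordering problem
```

On Solaris 10, set AWK=nawk (or /usr/xpg4/bin/awk), since /usr/bin/awk does not accept -v. Run the check against the edited file while a root shell is still open, because a broken auth stack affects every new login.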