As part of a contract, I ported pam_ssh to Solaris 9 and 10 (x86 and SPARC). I've submitted the code back upstream, but pending the patch submission process, I've uploaded the code here in case anybody desperately needs to make this work in the interim.

What's pam_ssh?

This PAM module provides single sign-on behavior for SSH. The user types an SSH passphrase when logging in (probably to GDM, KDM, or XDM) and is authenticated if the passphrase successfully decrypts the user's SSH private key. In the PAM session phase, an ssh-agent process is started and keys are added. For the entire session, the user can SSH to other hosts that accept key authentication without typing any passwords.
    - From:

The official site for pam_ssh is pam_ssh is licensed under a variety of OSS licenses, please see the included file COPYING for details.

Get pam_ssh for Solaris:

Note: The patch was created via hg diff and as a result will not apply with Solaris 10's default patch application. You will need to use a more modern patch program or grab the tarball.

  1. Install automake, autoconf and libtool (I use the CSW versions via pkg-get).
  2. Add these tools and gcc to your path. I used export PATH="/usr/sfw/bin:/opt/csw/bin:$PATH"
  3. Run: export MAKE=gmake
  4. Run: ./ && ./configure && make && make install
  5. Edit /etc/pam.conf, for example, by adding the lines in bold:
    login   auth requisite
    login   auth sufficient try_first_pass
    login   auth required 
    login   auth required 
    login   auth sufficient
    login   auth required 


    other   auth requisite
    other   auth sufficient try_first_pass
    other   auth required 
    other   auth required 
    other   auth sufficient
  6. You should now be right to log in with an SSH key passphrase and have the ssh-agent start running.