#1 2009-09-09 08:22:44

mikesd
Member
From: Australia
Registered: 2008-02-01
Posts: 788
Website

Simplifying the login authentication process.

At the moment when I boot my main workstation I go through the same process each time.

1. Enter passphrase for an encrypted data partition.
2. Enter username and password to login.
3. Enter passphrase for my SSH key to give me access to my home and work servers.

I know that with a bit of scripting I could combine 1 and 3, as the encrypted partition contains only data, is not needed for booting, and could be unlocked manually without using /etc/crypttab. I would like to combine all three somehow, so ideally I enter my username and a passphrase which gives me access to the machine itself and unlocks my encrypted partition and my SSH key. I have been googling around but haven't found anything yet. I'm guessing a solution would involve login or PAM but don't really know for sure. A simple solution would be for the login app to have the option of forwarding your password/passphrase to a user script, though this does sound like a security risk, which is probably why it isn't built in. :) Anyone heard of something similar or know of a better way of doing this?

Offline

#2 2009-09-09 09:54:02

seiichiro0185
Member
From: Leipzig/Germany
Registered: 2009-04-09
Posts: 226
Website

Re: Simplifying the login authentication process.

You could use pam_ssh for unlocking the SSH key and pam_mount for unlocking the data partition. There should be howtos somewhere that show how to configure both of them to use your login password, so you only need your normal login with user + password once.


My System: Dell XPS 13 | i7-7560U | 16GB RAM | 512GB SSD | FHD Screen | Arch Linux
My Workstation/Server: Supermicro X11SSZ-F | Xeon E3-1245 v6 | 64GB RAM | 1TB SSD Raid 1 + 6TB HDD ZFS Raid Z1 | Proxmox VE
My Stuff at Github: github
My Homepage: Seiichiros HP

Offline

#3 2009-09-09 10:11:37

mikesd
Member
From: Australia
Registered: 2008-02-01
Posts: 788
Website

Re: Simplifying the login authentication process.

Many thanks. I eventually found pam_mount mentioned in a tutorial but had not come across pam_ssh. Will definitely check them out. pam_ssh sounds exactly what I want:

This PAM module provides single sign-on behavior for SSH. The user types an SSH passphrase when logging in (probably to GDM, KDM, or XDM) and is authenticated if the passphrase successfully decrypts the user's SSH private key. In the PAM session phase, an ssh-agent process is started and keys are added. For the entire session, the user can SSH to other hosts that accept key authentication without typing any passwords.

This sounds like you can actually authenticate by successfully decrypting your ssh private key. Two birds with one stone.

Thanks.

Offline
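The single-prompt setup suggested in this thread, sketched as a PAM stack. This is an added example and not configuration posted by anyone in the thread; the service file name, USERNAME, /dev/sdXN and /mnt/data are placeholders, and it assumes the login password, the encrypted partition's passphrase and the SSH key passphrase are all the same string.

```conf
# /etc/pam.d/login  (illustrative fragment; display managers and
# distributions use other service files, so adapt the file name)

# 1. pam_unix prompts once and alone decides whether the login succeeds.
auth      required  pam_unix.so

# 2. pam_mount picks up the password already entered and keeps it
#    for the session phase; it does not prompt on its own here.
auth      optional  pam_mount.so

# 3. pam_ssh tries that same password as the SSH key passphrase.
#    try_first_pass falls back to a second prompt if it does not decrypt
#    the key; use_first_pass would skip silently instead.
#    "optional" keeps a failed key decryption from blocking the login.
auth      optional  pam_ssh.so try_first_pass

account   required  pam_unix.so

session   required  pam_unix.so
# Unlocks and mounts the volumes declared in /etc/security/pam_mount.conf.xml.
session   optional  pam_mount.so
# Starts ssh-agent for the session and adds the decrypted key(s).
session   optional  pam_ssh.so

# Matching volume entry for /etc/security/pam_mount.conf.xml
# (placeholders: replace user, device path and mount point):
#   <volume user="USERNAME" fstype="crypt" path="/dev/sdXN" mountpoint="/mnt/data" />
#
# The partition must not also be listed in /etc/crypttab, otherwise
# the boot process asks for its passphrase before login.
```

With this layout the login password becomes the only secret protecting the data partition and the SSH key, so its strength sets the strength of all three. Changing the login password later does not change the partition or key passphrase, and the extra prompts return until they are brought back in line.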
