On 22/03/2023 01:56, Romain Tartière wrote:
Almost :-D pam_ssh_agent_auth does not support the "new" OpenSSH -sk keys [1] (keys that are hardware backed [2]). There was some effort to integrate his PAM module into openssh [3] but it has been abandoned.
Now, this is something that isn't clear to anyone trying to choose between the two implementations. Or, at least, I didn't pick up that it was the significant difference.
I think that's definitely worth a comment in the pam_ssh_agent_auth port somewhere.
Cheers,
Matthew
OpenPGP_signature
Description: OpenPGP digital signature
