Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This PAM module provides ssh-agent based authentication. The primary design goal is to avoid typing password when you sudo on remote servers. Instead, you can simply touch your hardware security key (e.g. Yubikey/Canokey) to fulfill user verification. The process is done by forwarding the remote authentication request to client-side ssh-agent as a signature request.
- Loading branch information
Showing
4 changed files
with
146 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,63 @@ | ||
PORTNAME= pam_rssh | ||
DISTVERSIONPREFIX=v | ||
DISTVERSION= 1.0.0-rc1 | ||
CATEGORIES= security | ||
|
||
MAINTAINER= romain@FreeBSD.org | ||
COMMENT= Remote sudo authenticated via ssh-agent | ||
WWW= https://github.com/z4yx/pam_rssh | ||
|
||
LICENSE= MIT | ||
LICENSE_FILE= ${WRKSRC}/LICENSE | ||
|
||
USES= cargo ssl | ||
USE_GITHUB= yes | ||
|
||
GH_ACCOUNT= z4yx | ||
GH_PROJECT= ssh-agent.rs:sshagent | ||
GH_TAGNAME= 91894139966e01941f17386a84c6b35e6ea155b8:sshagent | ||
GH_SUBDIR= dep/ssh-agent.rs:sshagent | ||
|
||
CARGO_CRATES= autocfg-1.1.0 \ | ||
base64-0.13.1 \ | ||
bitflags-1.3.2 \ | ||
byteorder-1.4.3 \ | ||
cc-1.0.78 \ | ||
cfg-if-1.0.0 \ | ||
error-chain-0.12.4 \ | ||
foreign-types-0.3.2 \ | ||
foreign-types-shared-0.1.1 \ | ||
futures-0.1.31 \ | ||
libc-0.2.139 \ | ||
log-0.4.17 \ | ||
multisock-1.0.0 \ | ||
once_cell-1.17.0 \ | ||
openssl-0.10.45 \ | ||
openssl-macros-0.1.0 \ | ||
openssl-sys-0.9.80 \ | ||
pam-bindings-0.1.1 \ | ||
pkg-config-0.3.26 \ | ||
proc-macro2-1.0.49 \ | ||
pwd-1.4.0 \ | ||
quote-1.0.23 \ | ||
serde-1.0.152 \ | ||
serde_derive-1.0.152 \ | ||
syn-1.0.107 \ | ||
syslog-5.0.0 \ | ||
thiserror-1.0.38 \ | ||
thiserror-impl-1.0.38 \ | ||
time-0.1.45 \ | ||
unicode-ident-1.0.6 \ | ||
vcpkg-0.2.15 \ | ||
version_check-0.9.4 \ | ||
wasi-0.10.0+wasi-snapshot-preview1 \ | ||
winapi-0.3.9 \ | ||
winapi-i686-pc-windows-gnu-0.4.0 \ | ||
winapi-x86_64-pc-windows-gnu-0.4.0 | ||
|
||
PLIST_FILES= lib/pam_rssh.so | ||
|
||
do-install: | ||
${INSTALL_LIB} ${CARGO_TARGET_DIR}/${CARGO_BUILD_TARGET}/release/libpam_rssh.so ${STAGEDIR}${PREFIX}/lib/pam_rssh.so | ||
|
||
.include <bsd.port.mk> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,77 @@ | ||
TIMESTAMP = 1679275918 | ||
SHA256 (rust/crates/autocfg-1.1.0.crate) = d468802bab17cbc0cc575e9b053f41e72aa36bfa6b7f55e3529ffa43161b97fa | ||
SIZE (rust/crates/autocfg-1.1.0.crate) = 13272 | ||
SHA256 (rust/crates/base64-0.13.1.crate) = 9e1b586273c5702936fe7b7d6896644d8be71e6314cfe09d3167c95f712589e8 | ||
SIZE (rust/crates/base64-0.13.1.crate) = 61002 | ||
SHA256 (rust/crates/bitflags-1.3.2.crate) = bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a | ||
SIZE (rust/crates/bitflags-1.3.2.crate) = 23021 | ||
SHA256 (rust/crates/byteorder-1.4.3.crate) = 14c189c53d098945499cdfa7ecc63567cf3886b3332b312a5b4585d8d3a6a610 | ||
SIZE (rust/crates/byteorder-1.4.3.crate) = 22512 | ||
SHA256 (rust/crates/cc-1.0.78.crate) = a20104e2335ce8a659d6dd92a51a767a0c062599c73b343fd152cb401e828c3d | ||
SIZE (rust/crates/cc-1.0.78.crate) = 61375 | ||
SHA256 (rust/crates/cfg-if-1.0.0.crate) = baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd | ||
SIZE (rust/crates/cfg-if-1.0.0.crate) = 7934 | ||
SHA256 (rust/crates/error-chain-0.12.4.crate) = 2d2f06b9cac1506ece98fe3231e3cc9c4410ec3d5b1f24ae1c8946f0742cdefc | ||
SIZE (rust/crates/error-chain-0.12.4.crate) = 29274 | ||
SHA256 (rust/crates/foreign-types-0.3.2.crate) = f6f339eb8adc052cd2ca78910fda869aefa38d22d5cb648e6485e4d3fc06f3b1 | ||
SIZE (rust/crates/foreign-types-0.3.2.crate) = 7504 | ||
SHA256 (rust/crates/foreign-types-shared-0.1.1.crate) = 00b0228411908ca8685dba7fc2cdd70ec9990a6e753e89b6ac91a84c40fbaf4b | ||
SIZE (rust/crates/foreign-types-shared-0.1.1.crate) = 5672 | ||
SHA256 (rust/crates/futures-0.1.31.crate) = 3a471a38ef8ed83cd6e40aa59c1ffe17db6855c18e3604d9c4ed8c08ebc28678 | ||
SIZE (rust/crates/futures-0.1.31.crate) = 157731 | ||
SHA256 (rust/crates/libc-0.2.139.crate) = 201de327520df007757c1f0adce6e827fe8562fbc28bfd9c15571c66ca1f5f79 | ||
SIZE (rust/crates/libc-0.2.139.crate) = 638983 | ||
SHA256 (rust/crates/log-0.4.17.crate) = abb12e687cfb44aa40f41fc3978ef76448f9b6038cad6aef4259d3c095a2382e | ||
SIZE (rust/crates/log-0.4.17.crate) = 38028 | ||
SHA256 (rust/crates/multisock-1.0.0.crate) = 09b00b95a51f8573ee359668dfbfed424212dd0fc74df2333816fddff856f342 | ||
SIZE (rust/crates/multisock-1.0.0.crate) = 4643 | ||
SHA256 (rust/crates/once_cell-1.17.0.crate) = 6f61fba1741ea2b3d6a1e3178721804bb716a68a6aeba1149b5d52e3d464ea66 | ||
SIZE (rust/crates/once_cell-1.17.0.crate) = 32736 | ||
SHA256 (rust/crates/openssl-0.10.45.crate) = b102428fd03bc5edf97f62620f7298614c45cedf287c271e7ed450bbaf83f2e1 | ||
SIZE (rust/crates/openssl-0.10.45.crate) = 234763 | ||
SHA256 (rust/crates/openssl-macros-0.1.0.crate) = b501e44f11665960c7e7fcf062c7d96a14ade4aa98116c004b2e37b5be7d736c | ||
SIZE (rust/crates/openssl-macros-0.1.0.crate) = 5566 | ||
SHA256 (rust/crates/openssl-sys-0.9.80.crate) = 23bbbf7854cd45b83958ebe919f0e8e516793727652e27fda10a8384cfc790b7 | ||
SIZE (rust/crates/openssl-sys-0.9.80.crate) = 61687 | ||
SHA256 (rust/crates/pam-bindings-0.1.1.crate) = 95c337e922acb6ab9c3ddd1016fed13957a5bf14f51b6caa293ddc8dd47660ca | ||
SIZE (rust/crates/pam-bindings-0.1.1.crate) = 6829 | ||
SHA256 (rust/crates/pkg-config-0.3.26.crate) = 6ac9a59f73473f1b8d852421e59e64809f025994837ef743615c6d0c5b305160 | ||
SIZE (rust/crates/pkg-config-0.3.26.crate) = 18662 | ||
SHA256 (rust/crates/proc-macro2-1.0.49.crate) = 57a8eca9f9c4ffde41714334dee777596264c7825420f521abc92b5b5deb63a5 | ||
SIZE (rust/crates/proc-macro2-1.0.49.crate) = 41977 | ||
SHA256 (rust/crates/pwd-1.4.0.crate) = 72c71c0c79b9701efe4e1e4b563b2016dd4ee789eb99badcb09d61ac4b92e4a2 | ||
SIZE (rust/crates/pwd-1.4.0.crate) = 4145 | ||
SHA256 (rust/crates/quote-1.0.23.crate) = 8856d8364d252a14d474036ea1358d63c9e6965c8e5c1885c18f73d70bff9c7b | ||
SIZE (rust/crates/quote-1.0.23.crate) = 28058 | ||
SHA256 (rust/crates/serde-1.0.152.crate) = bb7d1f0d3021d347a83e556fc4683dea2ea09d87bccdf88ff5c12545d89d5efb | ||
SIZE (rust/crates/serde-1.0.152.crate) = 77091 | ||
SHA256 (rust/crates/serde_derive-1.0.152.crate) = af487d118eecd09402d70a5d72551860e788df87b464af30e5ea6a38c75c541e | ||
SIZE (rust/crates/serde_derive-1.0.152.crate) = 55586 | ||
SHA256 (rust/crates/syn-1.0.107.crate) = 1f4064b5b16e03ae50984a5a8ed5d4f8803e6bc1fd170a3cda91a1be4b18e3f5 | ||
SIZE (rust/crates/syn-1.0.107.crate) = 237539 | ||
SHA256 (rust/crates/syslog-5.0.0.crate) = 9a5d8ef1b679c07976f3ee336a436453760c470f54b5e7237556728b8589515d | ||
SIZE (rust/crates/syslog-5.0.0.crate) = 9014 | ||
SHA256 (rust/crates/thiserror-1.0.38.crate) = 6a9cd18aa97d5c45c6603caea1da6628790b37f7a34b6ca89522331c5180fed0 | ||
SIZE (rust/crates/thiserror-1.0.38.crate) = 18947 | ||
SHA256 (rust/crates/thiserror-impl-1.0.38.crate) = 1fb327af4685e4d03fa8cbcf1716380da910eeb2bb8be417e7f9fd3fb164f36f | ||
SIZE (rust/crates/thiserror-impl-1.0.38.crate) = 15429 | ||
SHA256 (rust/crates/time-0.1.45.crate) = 1b797afad3f312d1c66a56d11d0316f916356d11bd158fbc6ca6389ff6bf805a | ||
SIZE (rust/crates/time-0.1.45.crate) = 28911 | ||
SHA256 (rust/crates/unicode-ident-1.0.6.crate) = 84a22b9f218b40614adcb3f4ff08b703773ad44fa9423e4e0d346d5db86e4ebc | ||
SIZE (rust/crates/unicode-ident-1.0.6.crate) = 42158 | ||
SHA256 (rust/crates/vcpkg-0.2.15.crate) = accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426 | ||
SIZE (rust/crates/vcpkg-0.2.15.crate) = 228735 | ||
SHA256 (rust/crates/version_check-0.9.4.crate) = 49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f | ||
SIZE (rust/crates/version_check-0.9.4.crate) = 14895 | ||
SHA256 (rust/crates/wasi-0.10.0+wasi-snapshot-preview1.crate) = 1a143597ca7c7793eff794def352d41792a93c481eb1042423ff7ff72ba2c31f | ||
SIZE (rust/crates/wasi-0.10.0+wasi-snapshot-preview1.crate) = 26964 | ||
SHA256 (rust/crates/winapi-0.3.9.crate) = 5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419 | ||
SIZE (rust/crates/winapi-0.3.9.crate) = 1200382 | ||
SHA256 (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6 | ||
SIZE (rust/crates/winapi-i686-pc-windows-gnu-0.4.0.crate) = 2918815 | ||
SHA256 (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f | ||
SIZE (rust/crates/winapi-x86_64-pc-windows-gnu-0.4.0.crate) = 2947998 | ||
SHA256 (z4yx-pam_rssh-v1.0.0-rc1_GH0.tar.gz) = 8228ae7a2afccd141c1f2a19f942fb1cb3b5dc0032136553d289d781d4cb1500 | ||
SIZE (z4yx-pam_rssh-v1.0.0-rc1_GH0.tar.gz) = 12458 | ||
SHA256 (z4yx-ssh-agent.rs-91894139966e01941f17386a84c6b35e6ea155b8_GH0.tar.gz) = 3cdf7be1161d8afd499c5f43779eb188bb255c5981be268a300dfd229e218259 | ||
SIZE (z4yx-ssh-agent.rs-91894139966e01941f17386a84c6b35e6ea155b8_GH0.tar.gz) = 13221 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
This PAM module provides ssh-agent based authentication. The primary design | ||
goal is to avoid typing password when you sudo on remote servers. Instead, you | ||
can simply touch your hardware security key (e.g. Yubikey/Canokey) to fulfill | ||
user verification. The process is done by forwarding the remote authentication | ||
request to client-side ssh-agent as a signature request. |