By default, pam_ssh tries to read keys only from the default keyfile locations. Although it allows these paths to be overridden using PAM options, that method requires root privileges, applies the path to all users and still doesn't allow a user to keep the key outside his ~/.ssh without using symlinks. I've created two patches to overcome those difficulties. The first of them simply allows pam_ssh to read keyfiles from outside ~/.ssh. If the keyfile path starts with a slash, it assumes it's an absolute path and uses it as such. If it starts with '~/', it uses it as a path relative to the user's homedir. Otherwise (to retain compatibility) it assumes it's a path relative to ~/.ssh. The second patch adds simple ~/.ssh/config reading support. With it, pam_ssh tries to get additional (to the default ones) keypaths from the 'IdentityFile' config variables. The parser is quite dirty, though.
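The two rules in the comment above (keyfile path resolution, then harvesting extra paths from 'IdentityFile' lines in ~/.ssh/config) as an added, stand-alone illustration. This is not pam_ssh's code and not the attached patches; the function names, the home directory and the sample config are assumptions made for the example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, not pam_ssh's own code or the submitted patches.
 * Key-path rule as described in the bug comment:
 *   "/..."  -> absolute path, used as-is
 *   "~/..." -> relative to the user's home directory
 *   else    -> relative to ~/.ssh (the pre-patch behaviour)
 * Returns bytes written, or -1 if the result does not fit in out[]. */
int resolve_keyfile(const char *home, const char *spec, char *out, size_t outlen)
{
    int n;
    if (spec[0] == '/')
        n = snprintf(out, outlen, "%s", spec);
    else if (spec[0] == '~' && spec[1] == '/')
        n = snprintf(out, outlen, "%s/%s", home, spec + 2);
    else
        n = snprintf(out, outlen, "%s/.ssh/%s", home, spec);
    if (n < 0 || (size_t)n >= outlen)
        return -1;
    return n;
}

/* Case-insensitive match of an exact-length token against a keyword
 * (ssh_config keywords are case-insensitive). */
static int keyword_is(const char *tok, size_t len, const char *kw)
{
    if (strlen(kw) != len)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (tolower((unsigned char)tok[i]) != tolower((unsigned char)kw[i]))
            return 0;
    return 1;
}

/* Minimal ssh_config scan: every "IdentityFile <value>" (or "IdentityFile=<value>")
 * line, ignoring '#' comments and blank lines, with no Host matching, Include
 * or token expansion. Each value is resolved with resolve_keyfile() into
 * paths[]. Returns the number of paths collected (at most max). */
int identity_files_from_config(const char *home, const char *cfg,
                               char paths[][256], int max)
{
    int count = 0;
    const char *line = cfg;
    while (*line && count < max) {
        const char *eol = strchr(line, '\n');
        size_t len = eol ? (size_t)(eol - line) : strlen(line);
        char buf[512];
        if (len >= sizeof buf)
            len = sizeof buf - 1;            /* overlong line: truncate, never overflow */
        memcpy(buf, line, len);
        buf[len] = '\0';
        line = eol ? eol + 1 : line + len;

        char *p = buf;
        while (isspace((unsigned char)*p)) p++;
        if (*p == '\0' || *p == '#')
            continue;                        /* blank or comment line */
        char *kw = p;
        while (*p && !isspace((unsigned char)*p) && *p != '=') p++;
        if (!keyword_is(kw, (size_t)(p - kw), "IdentityFile"))
            continue;
        while (isspace((unsigned char)*p) || *p == '=') p++;
        char *val = p;
        while (*p && !isspace((unsigned char)*p) && *p != '#') p++;
        *p = '\0';
        if (*val == '\0')
            continue;                        /* keyword without a value */
        if (resolve_keyfile(home, val, paths[count], 256) >= 0)
            count++;
    }
    return count;
}

/* Constructed sample config for the example; not taken from any real host. */
const char SAMPLE_CONFIG[] =
    "# constructed ~/.ssh/config\n"
    "Host *\n"
    "    IdentityFile ~/keys/id_rsa\n"
    "    identityfile=/etc/keys/shared_ed25519  # absolute path\n"
    "    IdentityFile id_dsa\n"
    "    User alice\n";

int main(void)
{
    char paths[8][256];
    int n = identity_files_from_config("/home/alice", SAMPLE_CONFIG, paths, 8);
    for (int i = 0; i < n; i++)
        printf("%s\n", paths[i]);
    return 0;
}
```

Two things a practitioner would check in a real module built on these rules: both the key paths and ~/.ssh/config are user-controlled, so a PAM module must open them with the user's privileges (not as root) or a user can point the authentication module at arbitrary files; and because this scanner ignores Host blocks, every IdentityFile in the file is tried, which is the simple behaviour the comment describes rather than what ssh itself would select for a given host.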
Created attachment 196609: Support keyfiles outside ~/.ssh
Created attachment 196611: Get keypaths from config
Created attachment 196612: Ebuild with patches
I think the patch should probably get submitted upstream. As you are the author, would you please do that?
Ok, I've dumped the patch for pam_ssh-1.97 and submitted it upstream.
Oh, I see that the 'URL' field doesn't support multiple values.
* http://sourceforge.net/tracker/?func=detail&aid=2816734&group_id=16000&atid=316000
* http://sourceforge.net/tracker/?func=detail&aid=2816735&group_id=16000&atid=316000
Created attachment 199621: Support keyfiles outside ~/.ssh (for 1.97)
Created attachment 199623: Get keypaths from config (for 1.97)
Created attachment 199625: Diff to add patches to ebuild
Since this is a feature request and we/I are already swamped as it is, please do submit this upstream, once they merge it in and release I'll bump and get it in Gentoo.
(In reply to comment #10)
> Since this is a feature request and we/I are already swamped as it is, please
> do submit this upstream, once they merge it in and release I'll bump and get it
> in Gentoo.
I've already done that, but upstream doesn't seem responsive (no activity for 100+ days).
That's a very good reason for which I don't want to have a fork in Gentoo.