Recent changes to feature-requests

sk-ed25519 support

Martin Jørgensen — Thu, 23 Mar 2023 17:15:31 -0000

Now that https://sourceforge.net/p/pamsshagentauth/feature-requests/10/ is fixed, would it not be easy to add support for 'sk-ssh-ed25519@openssh.com' keys as well?

#10 support ecdsa and ed25519 keys

Jakub Jelen — Mon, 17 Sep 2018 08:10:51 -0000

Yes

#10 support ecdsa and ed25519 keys

sergio — Sun, 16 Sep 2018 23:27:47 -0000

Should be closed as ecdsa and ed25519 keys are supported, right?

#8 suggestions from debian packaging

nospam5022 — Mon, 11 Jun 2018 17:43:08 -0000

Since this issue is still open, I guess it's as good a place as any to mention that the project is removed from testing and thus risk getting being dropped by Debian unless action is taken.

Relevant links: Please migrate to openssl1.1 in buster, pam-ssh-agent-auth REMOVED from testing, https://packages.debian.org/libpam-ssh-agent-auth

Actually covering the possible migration to openssl 1.1 is likely a topic for a separate issue. However, a relevant question could be whether targeting the newer openssl version or completely replacing the package with the code from pam_ssh_agent_auth-2.0 is be the better path to take?

#8 suggestions from debian packaging

Balint Reczey — Sun, 08 Jan 2017 19:05:07 -0000

Hi,

The project is now packaged in Debian, please file packaging related bugs/suggestions to Debian's BTS.

https://tracker.debian.org/pkg/pam-ssh-agent-auth

#10 support ecdsa and ed25519 keys

Jakub Jelen — Fri, 25 Mar 2016 09:39:05 -0000

As far as I know, what we do for Fedora is opensource and contribution to upstream projects is encouradged. So feel free to pick up what we have in dist-git. Or let me know if there is something unclear or anything I can do for you in this way.

We build the pam_ssh_agent_auth this way for years, but I did rebase to the current version of pam_ssh_agent_auth just recently, which was basically only removing most of your prefixes and cheching that I don't miss any symbols and functionality against your sources.

Moving to github would be great news since I really struggled with the SVN repository last time I had to dig up something from there.

#10 support ecdsa and ed25519 keys

jbeverly — Thu, 24 Mar 2016 17:39:20 -0000

@Jakub Any objections if I "borrow" that work. I have been porting to 7.2 myself to add certificate and the new curves. Had no idea fedora had done some of that work already. I plan on migrating source to github also, if that helps with future contributions.

#10 support ecdsa and ed25519 keys

roguelazer — Wed, 23 Mar 2016 00:02:26 -0000

@Jakub: I just built from the F23 sources, and it does indeed look a lot better. It'd still be great to upstream that work, though...

#10 support ecdsa and ed25519 keys

Jakub Jelen — Tue, 15 Mar 2016 13:10:14 -0000

Check pam_ssh_avent_auth package in Fedora/RHEL/CentOS. We rebase to current openssh libraries (and build against them). It is sometimes painful if there are extensive refactorization, but these keys are supported natively.

support ecdsa and ed25519 keys

roguelazer — Wed, 02 Mar 2016 21:34:27 -0000

OpenSSH 5.7 added support for ECDSA keys; OpenSSH 6.5 added support for Ed25519 keys. EC keys in general are quite convenient on constrained devices like mobile. The key-handling code in pam-ssh-agent-auth seems to predate them by a few years. What would it take to get support? It looks like key.c and key.h were pretty much copied wholesale from OpenSSH 5.1; is it just a matter of copying in key.c and key.h from a more modern release and renaming calls to fatal() to pamsshagentauth_fatal() instead?