Call Pam module before public key authentication on SSH

fliX asked:

I am currently writing a pam module which does some checks if the key stored in authorized_keys is still valid. However I cant find a possiblity to run the module before the public key authentication of openSSH itself takes place. Is anybody aware of a method to accomblish that?

My answer:

You can’t.

When public key authentication is used, PAM authentication is never called.

I don’t know what you’re trying to do, since you didn’t say (and you should have) but you might find that the sshd ForceCommand option can be made to do what you want.

View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.