[sudo-users] How does sudo improve security.
Rogan Dawes
lists at dawes.za.net
Mon Apr 11 03:04:35 EDT 2005
mlh at zip.com.au wrote:
>The cracker's job (please, not hacker; that's something else) doesn't really
>get more access because he would still need to know the employee's password.
>Of course, it lowers the bar a little, because he only has to guess/discover
>only one of a number of users' passwords. So practice other good security;
>like use ssh. If you want to make it less brittle you can use other
>authentication mechanisms like securid but that may be overkill for you.
>
>Matt
>
>
Your comment raises an interesting issue. If one uses SSH for accessing
the system, using authorized keys, it may well happen that the password
on the system is unused for a long period of time. It also negates the
benefit of using strong key-based authentication in a way, if you now
ALSO have to remember a password.

Has anyone thought about extending sudo to authenticate the user by
using SSH's authorized_keys mechanism?

i.e. root maintains a list of users and their corresponding public keys.
If the user wishes to perform a sudo operation, they simply need to
prove that they have access to the corresponding private key. This could
be via typing the passphrase for a local private key, or possibly by
means of a query to an ssh-agent instance, if one is defined.

The list would have to be root-maintained, otherwise an attacker could
simply add their own public key to the user's authorized_keys file . . . .

Possible down-side is that the user gets no notification that a query is
being made to the ssh-agent. This means that malicious software/trojan,
etc could check to see if an agent is configured, then try to sudo
something, with no interaction required from the user.

There are probably ways in which this could be addressed, however.

Comments?

Rogan
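
The "root-maintained list" requirement in the message above, sketched as an added example (not part of the original post and not sudo's code): the key list is read only if nobody but the trusted owner could have written it or replaced it. The function name `load_keys_for`, the `trusted_uid` parameter and the one-key-per-line file format are assumptions made for illustration.

```python
import os
import stat

def load_keys_for(user, path, trusted_uid=0):
    """Return the public keys listed for `user` in a root-maintained key list.

    Assumed (hypothetical) line format: "<user> <keytype> <base64> [comment]".
    Raises PermissionError if anyone other than `trusted_uid` could have
    written the list, since that user could then add their own public key.
    """
    path = os.path.abspath(path)
    parent = os.path.dirname(path)
    # O_NOFOLLOW: opening fails with OSError if a symlink sits at `path`.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, encoding="utf-8") as fh:
        # fstat the descriptor we read from, so the file cannot be swapped
        # between the check and the read. Only the immediate parent directory
        # is checked here; a writable directory lets the file be replaced.
        targets = {path: os.fstat(fh.fileno()), parent: os.stat(parent)}
        problems = []
        for name, st in targets.items():
            if st.st_uid != trusted_uid:
                problems.append(f"{name}: owned by uid {st.st_uid}")
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                problems.append(f"{name}: group- or world-writable")
        if not stat.S_ISREG(targets[path].st_mode):
            problems.append(f"{path}: not a regular file")
        if problems:
            raise PermissionError("untrusted key list: " + "; ".join(problems))
        keys = []
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue  # skip blanks and comments
            name, _, key = line.partition(" ")
            if name == user and key.strip():
                keys.append(key.strip())
        return keys
```
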